A new study warns of a new ransomware attack method that runs a virtual machine on target computers in order to infect them with the ransomware. This will put the attack beyond the reach of the computer’s local antivirus software.
According to the UK-based cybersecurity firm Sophos, the Ragnar Locker attack is quite selective when choosing its victims. Ragnar’s targets tend to be companies rather than individual users.
Nearly 1,850 BTC in ransom demanded in a single attack
Ragnar Locker asks victims for large amounts of money to decrypt their files. It also threatens to release sensitive data if users don’t pay the ransom.
Sophos gave the example of the network of Energias de Portugal, from which the attackers stole ten terabytes of sensitive data, demanding payment of 1,850 Bitcoin (BTC) in return for not leaking the data. 1,850 BTC is worth roughly $11 million as of press time.
The ransomware’s modus operandi is to take advantage of vulnerabilities in the Windows remote desktop app, through which the attackers gain administrator-level access to the computer.
With the required permissions granted, the attackers configure the virtual machine to interact with the files. They then boot up the virtual machine, which runs a stripped-down version of Windows XP called “Micro XP v0.82.”
Ransomware techniques are getting more “insidious and excessive”
Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, provided more details on Ragnar Locker:
“The operators have recently been observed to launch the ransomware from within a virtual machine to avoid detection by security products. Like other ransomware groups, Ragnar Locker steals data and uses the threat of its release as additional leverage to extort payment. Should the company not pay, the stolen data is published on the group’s Tor site.”
Callow claims that the techniques deployed by ransomware groups are becoming ever more “insidious and excessive”, considering that the ransomware gangs behind Ragnar Locker now threaten to sell the data to the victim’s competitors or use it to attack their customers and business partners.
The threat specialist from Emsisoft adds the following:
“Companies in this situation have no good options available to them. Even if the ransom is paid, they simply have a pinky-promise made by a bad faith actor that the stolen data will be deleted and not misused.”
Recent ransomware attacks
On May 10, Cointelegraph reported on a study by Group-IB that revealed another type of ransomware that uses banking trojans to attack governments and companies, raising red flags among the cybersecurity community and the FBI.
A ransomware gang called REvil also recently threatened to release nearly 1TB of private legal secrets from the world’s biggest music and movie stars, such as Lady Gaga, Elton John, Robert DeNiro and Madonna, among others.