Ransomware and its current attack vectors


What is the biggest threat an organization should worry about? I would say it depends on what the organization does. A government body, for instance, has to watch its adversaries and their state-sponsored threats: APTs (Advanced Persistent Threats) from China, or from the Middle East in the case of India. On top of that it has to track exploits being used in the wild, insider threats, and ransomware targeting its sector. This article argues that ransomware gangs have become the greatest threat in cyberspace and that APTs are not even close. That may be a controversial position, since what counts as the biggest threat changes from one perspective to another.

Ransomware has come a long way since the first known sample, the AIDS Trojan of 1989, written by Joseph L. Popp and distributed on diskettes labelled "AIDS Information…". Its malicious code hid and locked files on the victim's machine and demanded a ransom of roughly $190, to be mailed to a PO box in Panama. Today's ransomware gangs are organized crime groups in their own right, part of an underground industry estimated at more than $500 billion.

When most people think of ransomware, they picture someone running an unknown program or opening a document downloaded from the web, after which their files are encrypted and renamed with an extension such as .Crypt or .Lock, the desktop background is replaced with a red warning image, and a pop-up announces that the files have been encrypted: send xxxx BTC to this Bitcoin address and we will send you the decryption key. The image below is a typical example.
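The behaviour just described (a burst of renames to one new extension, then a ransom note dropped next to the files) is also the cheapest thing to detect on an endpoint. The following is an added example, not code from the original post: a heuristic over file-system audit events that flags a host when many files gain the same new extension inside a short window. The event records, the thresholds and the ransom-note filenames are constructed for illustration and would need tuning against real telemetry.

```python
"""Ransomware file-activity heuristic (added example; not from the original post).

Flags a host when many files are renamed to one new extension inside a short
window and reports any ransom-note file created alongside them. The events,
thresholds and note filenames below are constructed for illustration.
"""
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed: burst length that looks like bulk encryption
MIN_RENAMES = 5                  # assumed: renames to one new extension within WINDOW
# Assumed ransom-note filenames; real families use many variants.
NOTE_NAMES = {"readme.txt", "how_to_decrypt.txt", "decrypt_instructions.html"}

# Constructed audit events: (timestamp, host, action, path, new_path).
# new_path is empty for "create" events.
SAMPLE_EVENTS = [
    ("2021-05-01T10:00:00", "ws-17", "rename", r"C:\Users\alice\Docs\q1.xlsx", r"C:\Users\alice\Docs\q1.xlsx.Crypt"),
    ("2021-05-01T10:00:01", "ws-17", "rename", r"C:\Users\alice\Docs\plan.docx", r"C:\Users\alice\Docs\plan.docx.Crypt"),
    ("2021-05-01T10:00:02", "ws-17", "rename", r"C:\Users\alice\Photos\a.jpg", r"C:\Users\alice\Photos\a.jpg.Crypt"),
    ("2021-05-01T10:00:02", "ws-17", "rename", r"C:\Users\alice\Photos\b.jpg", r"C:\Users\alice\Photos\b.jpg.Crypt"),
    ("2021-05-01T10:00:03", "ws-17", "rename", r"C:\Users\alice\Photos\c.jpg", r"C:\Users\alice\Photos\c.jpg.Crypt"),
    ("2021-05-01T10:00:03", "ws-17", "rename", r"C:\Users\alice\Desktop\notes.txt", r"C:\Users\alice\Desktop\notes.txt.Crypt"),
    ("2021-05-01T10:00:04", "ws-17", "create", r"C:\Users\alice\Desktop\HOW_TO_DECRYPT.txt", ""),
    # Benign host: a user renaming a handful of files over an afternoon.
    ("2021-05-01T13:00:00", "ws-02", "rename", r"C:\Users\bob\draft.docx", r"C:\Users\bob\final.docx"),
    ("2021-05-01T13:45:00", "ws-02", "rename", r"C:\Users\bob\img1.png", r"C:\Users\bob\img1.jpg"),
    ("2021-05-01T14:10:00", "ws-02", "rename", r"C:\Users\bob\img2.png", r"C:\Users\bob\img2.jpg"),
]


def new_extension(src, dst):
    """Extension gained by a rename (lower-cased), or None if it did not change."""
    old = ntpath.splitext(src)[1].lower()
    new = ntpath.splitext(dst)[1].lower()
    return new if new and new != old else None


def peak_in_window(times, window):
    """Largest number of timestamps that fall inside any interval of length `window`."""
    times = sorted(times)
    peak = j = 0
    for i, start in enumerate(times):
        while j < len(times) and times[j] - start <= window:
            j += 1
        peak = max(peak, j - i)
    return peak


def detect(events, window=WINDOW, min_renames=MIN_RENAMES):
    """Return {host: finding} for hosts whose rename burst crosses the threshold."""
    renames = defaultdict(list)   # (host, new extension) -> timestamps
    notes = defaultdict(list)     # host -> ransom-note paths
    for ts, host, action, path, new_path in events:
        t = datetime.fromisoformat(ts)
        if action == "rename":
            ext = new_extension(path, new_path)
            if ext:
                renames[(host, ext)].append(t)
        elif action == "create" and ntpath.basename(path).lower() in NOTE_NAMES:
            notes[host].append(path)

    findings = {}
    for (host, ext), times in renames.items():
        burst = peak_in_window(times, window)
        if burst >= min_renames:
            findings[host] = {
                "extension": ext,
                "renames_in_window": burst,
                "ransom_note": notes[host][0] if notes[host] else None,
            }
    return findings


if __name__ == "__main__":
    for host, finding in detect(SAMPLE_EVENTS).items():
        print(host, finding)
```

Keying on "many files gain the same new extension" rather than on a fixed list of extensions is deliberate: the extension a family appends is trivial to change, while the burst shape is inherent to bulk encryption. The ransom-note lookup is only corroboration, which is why a missing note does not suppress the finding.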


The image above is the ransom screen of WannaCry, which spread using EternalBlue, an exploit for a flaw in Windows SMBv1 that hit unpatched Windows 7 machines hardest. EternalBlue was created by the NSA, was obtained in a breach of the agency's tooling, and was leaked online by the group calling itself the 'Shadow Brokers'. With the exploit public, the North Korean state-sponsored Lazarus Group (tracked by some vendors as APT38) built it into WannaCry.

The result was one of the largest cyberattacks in history: more than 200,000 computers infected across the world, with the healthcare sector in the U.K. among the worst affected. What set WannaCry apart was its worm component. Once it had infected a machine it scanned other devices on the same network for the EternalBlue vulnerability and, when it found one, infected that system as well. Each compromised host became a pivot for the next, and the malware moved laterally across networks this way until it had infected hundreds of thousands of systems.
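The lateral movement described above leaves an obvious footprint on the network: one internal host opening SMB (TCP/445) connections to many neighbours in a short time, which ordinary clients never do. The following is an added example, not code from the original post or from any vendor: a detector over simple flow records that alerts when a source reaches an unusual number of distinct hosts on port 445 within a window. The flow lines and both thresholds are constructed for illustration.

```python
"""SMB sweep detector for worm-style lateral movement (added example; not from the original post).

Reads simple flow records and flags any source that opens TCP/445 connections to
many distinct hosts within a short window, the footprint an EternalBlue-style
scanner leaves on a subnet. Flow lines and thresholds are constructed/assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=2)     # assumed: scan burst length
MIN_DISTINCT_TARGETS = 10         # assumed: distinct 445 targets per source in WINDOW

# Constructed flow lines: "<timestamp> <src> <dst> <dport> <proto>" (not real telemetry).
SAMPLE_FLOWS = (
    # Infected workstation sweeping its /24 for SMB, one connection per target.
    [f"2017-05-12T08:00:{i:02d} 10.0.5.23 10.0.5.{i + 1} 445 tcp" for i in range(14)]
    # A normal client: repeated sessions to the single file server, plus web traffic.
    + [f"2017-05-12T08:0{m}:00 10.0.5.40 10.0.5.100 445 tcp" for m in range(1, 6)]
    + ["2017-05-12T08:03:00 10.0.5.40 10.0.5.2 80 tcp"]
)


def parse_flow(line):
    """Split one constructed flow line into typed fields."""
    ts, src, dst, dport, proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), proto


def detect_smb_sweeps(lines, window=WINDOW, min_targets=MIN_DISTINCT_TARGETS):
    """Return {src: peak distinct TCP/445 targets} for sources above the threshold."""
    per_src = defaultdict(list)
    for line in lines:
        t, src, dst, dport, proto = parse_flow(line)
        if proto == "tcp" and dport == 445:
            per_src[src].append((t, dst))

    alerts = {}
    for src, flows in per_src.items():
        flows.sort()
        in_window = defaultdict(int)   # dst -> flows currently inside the window
        peak = j = 0
        for i, (start, _) in enumerate(flows):
            # Extend the window end to cover every flow within `window` of flows[i].
            while j < len(flows) and flows[j][0] - start <= window:
                in_window[flows[j][1]] += 1
                j += 1
            peak = max(peak, len(in_window))
            # Slide the window start past flows[i].
            dst = flows[i][1]
            in_window[dst] -= 1
            if in_window[dst] == 0:
                del in_window[dst]
        if peak >= min_targets:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, n in detect_smb_sweeps(SAMPLE_FLOWS).items():
        print(f"ALERT {src}: {n} distinct SMB targets within {WINDOW}")
```

Counting distinct destinations rather than raw connections is what separates the sweep from a client that hammers one file server. The detection is a backstop; the controls that actually stopped WannaCry were the MS17-010 patch, disabling SMBv1, and not allowing port 445 between workstations in the first place.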

That was the story four years ago; ransomware gangs have grown more sophisticated since. They no longer rely only on encrypting files to force payment: they first exfiltrate data from the victim's servers and use it to blackmail organizations that refuse to pay the ransom (so-called double extortion). A few of the ransomware gangs and the number of organizations each has hit:

  • Conti 291
  • MAZE 266
  • Egregor 206
  • Sodinokibi (REvil) 179
  • DoppelPaymer 174
  • NetWalker 144
  • Pysa 103
  • Avaddon 61
  • DarkSide 58
  • CLoP 43
  • Nefilim 32
  • Everest 26
  • Suncrypt 22
  • Ragnar_Locker 22
  • Ragnarok 20
More ransomware families operate in the wild, such as DearCry, Black Kingdom and Qlocker, that depend on freshly disclosed exploits or unpatched zero-days and run for shorter periods, more like opportunists. These families may not have the data-extortion capability of the groups listed above.

These gangs publish stolen data on the dark web, usually as a notice warning that the data will be released for free or sold to anyone interested in the organization's data. REvil (Sodinokibi), for example, compromised the Taiwan-based Quanta Computer, which manufactures Apple products such as iPads. When Quanta refused to pay, the gang posted a notice to Apple Inc. to buy the data back before May 1, threatening to publish confidential plans and blueprints of future designs, and released sample images of Mac blueprints as proof.


