[BreachExchange] New Ransomware seeks to destroy your business

Audrey McNeil audrey at riskbasedsecurity.com
Mon Feb 5 20:06:10 EST 2018


Ransomware – a type of malware that infiltrates and infects a user or
company’s system and encrypts their data, holding the organisation to
ransom until a large sum of money is paid in return for a decryption key to
unlock it – is more pervasive than ever. However, the emergence of a new
type of ransomware strain late in 2017 showed a sinister new face to the
already destructive malware. Rather than having their data recovered when
they paid their ransom, the victims of the attack found their data
completely and irretrievably wiped, even after paying large sums of money
to recover their information.

Whereas ransomware, in the traditional sense, seeks to make its
perpetrators wealthy, the new strain seeks to destroy. It mimics ransomware
and operates in a very similar fashion, accessing victims’ computers
through an infected link or attachment, encrypting the data on the machine
and any other servers it can spread to. However, the new strain is also
able to elevate user access, meaning it can obtain user credentials and
move laterally – undetected – between systems. The effects of such a wave
can be catastrophic, with devastating financial and reputational

This new type of data wiping ransomware begs the question: who are the new
cybercriminals intent on malicious sabotage of information, what do they
stand to gain, and has ransomware evolved to be called “destructionware”,
given its tendency to destroy rather than hold to ransom? We take a look at
the possible motives behind “destructionware” purveyors, and how South
African businesses can protect themselves from falling victim.

Cybercrime as a business
In cybercrime circles, what has been a simple get-rich-quick scheme for
individual hackers and hacker syndicates has evolved into a lucrative
business. Ransomware-as-a-service (RaaS) is increasingly being offered by
industrious syndicates, who make a cut from their customers’ use of the
code that they provide. However, as evidenced by the “destructionware”
outbreak, money is no longer the primary objective of the cybercriminal
world, and more sinister motives appear to be at play.

One potential motive is sheer bragging rights. Cybercriminals, or hackers,
inhabit the Darkweb, an underground Internet used for nefarious purposes,
and many develop reputations among their peers based on their expertise.
It’s safe to say that malware such as “destructionware” would launch the
hacker or syndicate responsible into the limelight, giving them a level of
fame in cybercriminal circles.

The bragging rights that “destructionware” gives its makers effectively
allow them to name their price for services such as RaaS, going forward.
They also obtain that which every hacker seeks: the respect of their peers
for bringing a large portion of global business to its knees with a few
simple tweaks of an already prevalent malware.

Of course, there are those who would seek the services of such hackers or
syndicates, for their own malevolent reasons. Former employees who bear a
grudge against previous employers; activists who protest an organisation or
government’s business practices; terrorist groups who want to add
cyberterrorism to their arsenal; victims of lost investments; or even
merely jealous individuals who want to destroy that which they cannot, or
do not, have.

RaaS has made ransomware – and now “destructionware” – accessible to anyone
who wants to create and capitalise on the havoc it generates. One thing is
certain: with ransomware and “destructionware” being so readily available,
the likelihood of further and more evolved attacks occurring is high, and
business owners need to take the necessary steps to protect themselves as
best as possible.

Protecting yourself and your business
If organisations do not already have a comprehensive 360-degree security
strategy, then the time is right to implement one. A comprehensive
strategy incorporates preventative security controls in the form of the
necessary Operating System (OS) patches, effective anti-malware solutions,
complete system protection, end point security, data centre security,
perimeter and access control, and more.

New developments in cyber security are using data analytics and AI to scour
patterns and identify anomalies which could pre-empt or signify attack, with
the goal of shutting down systems connected to the infected device to
prevent the malware from spreading. As cybercrime evolves, so does cyber
security. However, evolving cyber security also creates new challenges that
hackers are only too eager to crack. As such, a cycle of ongoing cybercrime
versus cybersecurity measures is born.

A truly effective security strategy needs to be underscored by education.
Users within an organisation must be educated on cybercrime and safe
browsing habits. When employees understand what to look out for and how to
safely navigate all Internet enabled services, they automatically reduce
the risk of infection and attack. Ransomware and “destructionware” cannot
succeed without willing participation of the victim in that he or she needs
to physically click on the infected link or attachment in order to download
the malware.

In an environment that is increasingly reliant on Internet connected
devices and where Bring-Your-Own-Device (BYOD) is a fairly common practice,
even with a comprehensive security strategy there can be vulnerabilities.
Users who understand the risks of clicking on unknown attachments or links
are less likely to do so without carefully researching and understanding
the source of the link or attachment.

Education also encourages users to practice safer browsing habits outside
of their office, leading to less likelihood of an infected device entering
the organisation’s environment.

Security needs to be tackled from multiple angles, and not simply opted for
as a necessary evil. When profits and reputations are at risk, businesses
simply cannot afford not to invest in security, and the value of having a
comprehensive system in place to prevent malware attacks must not be
underestimated – just ask any one of the 65 or more large companies who
were hardest hit by “destructionware” and may never recover their losses.