Growing Ransomware Attacks in the time of Coronavirus Pandemic
Dr. Shekhar Pawar
Founder & CEO @ SecureClaw & GrassDew IT Solutions | Doctorate in Cybersecurity from SSBM Switzerland | We Offer: Virtual CISO | VAPT | SAST | BDSLCCI | Software Development | Teleservices
Let’s recall a recent headline: “Cognizant hit by 'Maze' ransomware attack amid coronavirus crisis. The anonymous hackers behind Maze have made headlines in recent months for publicly holding their victims hostage by threatening to leak company information if the target doesn't pay the ransom.” Many of us have heard about ransomware attacks, but I am not sure how many of you have experienced the pain of having your system attacked by ransomware. In this article, I am sharing more about recent ransomware attacks happening around the globe. I have gathered this information through regular study of various cyber news sources.
Let's understand: what is a Command and Control server?
Command and Control servers, also known as "C&C" or "C2", are used by cyber criminals or attackers to maintain communications with compromised systems within a target network. Such systems can include computers, smartphones and a number of IoT devices.
What is a Ransomware Attack?
In simple English, the word "ransom" means a sum of money demanded or paid for the release of a captive.
Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment.
Victims are shown instructions for how to pay the attacker to get the decryption key. The cost can range from a few hundred dollars to thousands, payable to the cybercriminals in Bitcoin. Even then, there is no guarantee of getting the decryption key, although these criminals assure the victim that they will decrypt the infected system after receiving payment.
Well-organized ransomware attacks are a growing business for cyber criminals.
Ransomware Attack with Coronavirus or COVID-19 Theme?
At the start of this article, I wrote about the Maze ransomware, which is part of a new wave of particularly devious ransomware strains that steal data before encrypting it and later threaten to release the stolen data if the victim organization does not pay.
Recently, mostly from the second half of March 2020, the intensity of ransomware attacks has increased in several places around the world, taking advantage of the COVID-19 situation the world is facing.
The common pattern is that the user opens a malicious attachment delivered in an email with a subject line such as "W.H.O. Urgent Coronavirus Instructions".
Formbook is an information stealer that is sold as a service to hackers. Its capabilities include monitoring, screenshotting, keylogging, webform hijacking, downloading additional payloads and communicating with a C2 server. Formbook injects itself into Explorer.exe, through which it steals credentials and the victim's information, and then communicates with the C2 server.
Another type of attack happened around the same time, again using the Coronavirus theme: an alert presented as coming from the WHO was used to deliver the Trickbot banking malware. Trickbot is a modular banking trojan that targets customers of major banks. It is used to steal the victim's sensitive financial information and exfiltrate that data to a command and control (C&C) server.
A few more types of ransomware attacks happened during recent weeks, such as a spoofed Coronavirus map used to deliver the Azorult infostealer, and Lokibot Ransomware and Net Agent Tesla infostealer campaigns that use the Coronavirus theme.
HOW TO PREVENT RANSOMWARE ATTACK?
Most ransomware attacks use RDP as their initial entry point, with phishing methods second. If, as an organization, you take care of these two areas, you will reduce the risk of a successful ransomware attack impacting your business.
1. Periodic employee education on cybersecurity awareness is a must. Human beings are always the weakest link in any successful cyber-attack. Remember, you and your employees are always being socially engineered for well-planned cybercrime.
2. Organizations should invest in processes to safeguard their valuable assets.
3. As a user, one should never enable macros on his or her machine.
4. Organizations should implement a strong password policy for all users.
5. All employees must be wary of archive files such as .zip, .gz, .rar, .7z, .sitx etc., which can easily infect a system. Most importantly, be extra cautious with archive files of small size.
6. Always check file extensions; never open files with the extension .bat, .exe, .cmd or .vbs.
7. Be aware of phishing attacks via SMS, messages or even emails. Never click on unknown links sent to you.
8. Never open any vague email; always be suspicious of unexpected or urgent emails, such as a financial institution urgently demanding information.
9. Install the latest security and firmware updates.
10. Implement email security solutions.
11. Place Remote Desktop Protocol (RDP) servers behind firewalls. Most importantly, always limit the number of users who can access remote desktops.
12. Enable network level authentication (NLA).
13. Invest in threat intelligence for your organization's environment. Leverage threat intelligence with foundation security wrapped around DNS.
14. Implement a regular system and data backup process. Most importantly, always store backup data offsite and off the network.
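Items 5 and 6 above can be enforced at the mail gateway instead of relying only on users. The following Python code is an added example, not part of the original article; the function names, the 50 KB threshold for a "small" archive and the sample ZIP are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions named in items 5 and 6 of the list above.
BLOCKED = {".bat", ".exe", ".cmd", ".vbs"}
ARCHIVES = {".zip", ".gz", ".rar", ".7z", ".sitx"}
SMALL_ARCHIVE_BYTES = 50 * 1024  # assumed threshold for a "small" archive


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons an e-mail attachment should be quarantined."""
    reasons = []
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in BLOCKED:
        reasons.append(f"blocked extension {last}")
        # "report.pdf.exe" hides its real type when extensions are not shown.
        if len(suffixes) > 1:
            reasons.append("double extension")
    if last in ARCHIVES:
        if len(data) < SMALL_ARCHIVE_BYTES:
            reasons.append("small archive")
        if last == ".zip":
            reasons.extend(scan_zip(data))
    return reasons


def scan_zip(data: bytes) -> list[str]:
    """List blocked file types inside a ZIP without extracting anything."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["unreadable zip"]
    return [f"archive contains {n}" for n in names
            if PurePosixPath(n).suffix.lower() in BLOCKED]


def sample_zip() -> bytes:
    """Constructed sample: a ZIP holding one harmless text file named *.vbs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WHO_instructions.vbs", "constructed placeholder text")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_attachment("WHO_instructions.zip", sample_zip()))
```

An empty list means none of the checks fired; it does not mean the attachment is safe, since only ZIP contents are inspected here.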
GrassDew IT Solutions Pvt Ltd provides Cybersecurity services, IT Consulting services, Software Solution services (software development, maintenance and products), Digital Marketing, Telecom Services, and Knowledge Training (Soft Skill and IT Technical Training) Services.
We can help you with IT System Security or Process audits as well as Telecommunication solutions. To know more about our services, you can contact us by email at [email protected] or call (+91) 882-821-2157.
Keep reading our articles and do provide your feedback in comments!