Ransomware is Getting Information Stealing Capabilities!

This post was originally written for Theta432. You can access it here.

News of ransomware attacks has become so regular that it is the new normal, and we can certainly say that ransomware is not going to die soon. Numerous governments, hospitals, financial institutions, schools, etc., have been targets. Ransomware attacks occur across all industries, and ransomware does not even spare individuals. The problem is that not everyone is prepared: most organizations have no plan in place to effectively overcome a ransomware attack. Ransomware can be defeated, and it can be defeated only by having a good backup policy. If there is an attack and your data gets encrypted, your options are few: either you pay the ransom (and there are reports that many people do not get their data back even after paying) or you restore your data from a backup that is isolated from the network and safe from malicious attacks.

There has been an interesting development recently. Ransomware is getting more sophisticated and gaining more capabilities. The latest is that FTCODE ransomware has had information-stealing capabilities added to it.

A team of researchers from Zscaler found this information-stealing capability in FTCODE ransomware. According to them, the latest version of FTCODE adds credential-stealing functionality that was absent in earlier versions. It steals credentials from browsers as well as email clients: Internet Explorer, Mozilla Firefox, Mozilla Thunderbird, Google Chrome, and Microsoft Outlook.

This added ability is actually much more dangerous than the encryption of data. Ransomware will now be able to steal credentials as well. Hence just having a safe backup and restoring it after an attack is no longer enough. You must have a robust monitoring system that can defend against and respond to any eventuality.

How to deal with this?

The first thing an organization has to do is keep educating its employees about cyber security.

  • Any ransomware attack can be defeated by a good data backup policy. Hence have a policy under which at least one backup is not reachable by ransomware.
  • 24x7 monitoring and defense programs have to be implemented to detect anomalies in the system. If any are found, there has to be an effective response.

Theta432 can give you a perfect backup plan and defeat any ransomware attack. And you can avail Theta432's 24x7 monitoring and defense programs to keep the ransomware and any malware with information stealing capability at bay.

Authored by

Basheer Ahmed Khan

Theta432 Director of Operations, India
