Ransomware attackers expand the attack surface. This Week in Ransomware Friday, Sept 2 – IT World Canada

Ransomware continues to grow and expand, both in the number of attackers and the number of potential victims. This week we feature some of the attackers' strategies described in recent news items.

What's next: ransomware in a box? New Agenda ransomware can be customized for each victim

A new ransomware strain called Agenda, written in Google's open source programming language Go (aka Golang), was detected and reported by researchers at Trend Micro earlier this week. There has been a trend towards using newer languages like Go and Rust to create malware, particularly ransomware.

The fact that many of these languages can operate cross-platform makes them a much greater threat. Go programs are cross-platform and stand-alone. They can execute without a Go interpreter on the host system.

In addition, the creators have added a new wrinkle making this new variant easily customizable. This new strain is being sold on the dark web as Ransomware as a Service (RaaS). Qilin, the threat actor that is selling it to its affiliates, claims it will allow them to easily customize, for each victim, the:

Finally, Agenda has a clever detection-evasion technique that is also used by another ransomware variant, REvil. It changes the user password and enables automatic login with the new credentials. This allows the attacker to use safe mode to reboot and control the victim's system.

Trend Micro reported that this allowed one attacker to move from reconnaissance to full-fledged attack in only two days. On the first day, the attacker scanned a Citrix server, and on the second day mounted a customized attack.

For more information you can review the original Trend Micro posting.
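One way to detect the password-change, automatic-login and safe-mode behaviour described above, added here as an example (not code from Trend Micro or the original article): it flags a host when a password reset, a write to the Winlogon auto-logon registry values and a safe-boot configuration occur close together. The normalized event schema, the 30-minute window, the sample events and the use of `bcdedit` to configure safe mode are assumptions; the page does not say how Agenda sets up the reboot.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window
WINLOGON = r"\microsoft\windows nt\currentversion\winlogon" + "\\"
AUTOLOGON_VALUES = ("autoadminlogon", "defaultusername", "defaultpassword")
REQUIRED = {"password_change", "autologon_set", "safeboot_set"}

SAMPLE_EVENTS = [  # constructed for this example, not from a real incident
    {"time": "2022-09-01T02:10:00", "host": "WS-01", "source": "Security", "event_id": 4724},
    {"time": "2022-09-01T02:11:05", "host": "WS-01", "source": "Sysmon", "event_id": 13,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon"},
    {"time": "2022-09-01T02:12:30", "host": "WS-01", "source": "Sysmon", "event_id": 1,
     "command_line": "bcdedit /set {default} safeboot minimal"},
    # benign look-alike: a lone help-desk password reset
    {"time": "2022-09-01T09:00:00", "host": "WS-02", "source": "Security", "event_id": 4724},
    {"time": "2022-09-01T09:30:00", "host": "SRV-03", "source": "Sysmon", "event_id": 1,
     "command_line": "bcdedit /deletevalue {default} safeboot"},  # safe boot switched off
]

def classify(event):
    """Map one normalized event to a behaviour tag, or None if it is irrelevant."""
    source, eid = event["source"], event["event_id"]
    if source == "Security" and eid in (4723, 4724):  # password change / reset
        return "password_change"
    if source == "Sysmon" and eid == 13:  # registry value set
        target = event.get("target", "").lower()
        if WINLOGON in target and target.rsplit("\\", 1)[-1] in AUTOLOGON_VALUES:
            return "autologon_set"
    if source == "Sysmon" and eid == 1:  # process creation
        cmd = event.get("command_line", "").lower()
        if "bcdedit" in cmd and "safeboot" in cmd and "/deletevalue" not in cmd:
            return "safeboot_set"
    return None

def detect(events):
    """Return {host: ISO time of first event} where all three tags fall inside WINDOW."""
    per_host = defaultdict(list)
    for ev in events:
        tag = classify(ev)
        if tag:
            per_host[ev["host"]].append((datetime.fromisoformat(ev["time"]), tag))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            if {t for ts, t in hits[i:] if ts - start <= WINDOW} == REQUIRED:
                alerts[host] = start.isoformat()
                break
    return alerts
```

Calling `detect(SAMPLE_EVENTS)` flags only WS-01; each of the three events is routine on its own, which is why the check requires all of them on one host within the window.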

New Linux ransomware families

Another way that threat actors are expanding the attack surface is by targeting Linux, one of the predominant operating systems used on internet and cloud servers. RaaS offerings are increasingly targeting Linux systems.

Although regarded as a very secure operating system, and despite a consistent move to patch vulnerabilities, the large number of Linux offerings used world-wide ensures there are a significant number of vulnerabilities at any given time. Failure to update and patch systems creates a large potential target base.

But software vulnerabilities are not the only area of weakness. Configuration mistakes are often the more likely factor in the breach of a Linux system, according to researchers at Trend Micro.

Remarkably, these include easily remedied issues such as:

To quote Trend's report, "given the prevalence of Linux, ransomware actors find the operating system to be a very lucrative target."

Ransomware going to the dogs is no joke

As RaaS and customizability become more and more prevalent, there's an increasing ability to target smaller and more specific groups. We are familiar with ransomware attacking health care organizations, but recently the United Veterinary Services Association has written to its members with recommendations to increase ransomware prevention after an attack that hit more than 700 animal health networks around the world.

It is a reminder that no group, regardless of size or type of business, is immune to ransomware. Every organization must communicate the need to have, at a minimum, the basics of ransomware protection in place:
