Ransomware: These sophisticated attacks are delivering ‘devastating’ payloads, warns Microsoft

March 8, 2020
in Internet Security

Microsoft has detailed the tactics and techniques of some of the most costly ransomware in recent years, which aren’t automated but rather are manually controlled by human hands at a keyboard.

It warned that some ransomware groups are now using the same skills as nation-state-backed hackers, and show an “extensive knowledge of systems administration and common network security misconfigurations”, perform thorough reconnaissance, and then deliver “devastating” ransomware payloads. 

“Based on our investigations, these campaigns appear unconcerned with stealth and have shown that they could operate unfettered in networks,” Microsoft said.

The ransomware variants included in Microsoft’s survey are REvil, Samas or SamSam, Doppelpaymer, Bitpaymer, and Ryuk. The average ransom demand for REvil is $260,000, making it a ‘big game’ ransomware because of the targets selected and amounts demanded. US Fortune 500 engineering and industrial construction company EMCOR Group this week reported Ryuk impacted its Q4 2019 revenues because of the IT downtime it caused.

Microsoft has been monitoring another malware group it calls Parinacota (Microsoft is using volcanoes to name digital crime actors) for 18 months. They’ve historically hacked machines to install cryptocurrency miners and send spam, but recently started deploying Wadhrama ransomware on corporate networks in “smash and grab” attacks with ransom demands made within an hour of infiltration. If given the opportunity, the group also conducts reconnaissance and moves laterally within the network.

Parinacota mostly uses RDP brute force attacks to enter, scanning the internet for vulnerable devices and then trying a list of popular passwords.

Microsoft has identified one unique tactic the group employs. After gaining access to a network, the attackers test the compromised machine for internet connectivity and processing capacity, according to the Microsoft Threat Protection Intelligence Team. 

“They determine if the machine meets certain requirements before using it to conduct subsequent RDP brute force attacks against other targets. This tactic, which has not been observed being used by similar ransomware operators, gives them access to additional infrastructure that is less likely to be blocked. In fact, the group has been observed leaving their tools running on compromised machines for months on end,” says the team in a blog post.
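The RDP brute-force entry described above leaves a recognisable trail in the Windows Security log: a burst of failed logons (event 4625) from one source, often followed by a success (4624). The following detection is an added example, not code from Microsoft or ZDNet; the log lines are constructed in a simplified key=value form and the threshold and window are assumed tuning values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). 4625 = failed logon,
# 4624 = successful logon; LogonType 10 is RemoteInteractive, i.e. RDP.
SAMPLE_EVENTS = [
    "2020-03-01T02:14:01 4625 LogonType=10 Src=203.0.113.7 User=administrator",
    "2020-03-01T02:14:03 4625 LogonType=10 Src=203.0.113.7 User=admin",
    "2020-03-01T02:14:05 4625 LogonType=10 Src=203.0.113.7 User=backup",
    "2020-03-01T02:14:07 4625 LogonType=10 Src=203.0.113.7 User=administrator",
    "2020-03-01T02:14:09 4625 LogonType=10 Src=203.0.113.7 User=administrator",
    "2020-03-01T02:14:12 4624 LogonType=10 Src=203.0.113.7 User=administrator",
    "2020-03-01T02:20:00 4625 LogonType=10 Src=198.51.100.4 User=jsmith",
    "2020-03-01T02:25:00 4624 LogonType=10 Src=198.51.100.4 User=jsmith",
]

def parse(line):
    """Split one constructed log line into a dict of its fields."""
    ts, eid, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {"ts": datetime.fromisoformat(ts), "eid": int(eid), **kv}

def detect_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: {"failures", "users", "success"}} for sources that
    produced >= threshold failed RDP logons inside `window`. A later 4624 from
    the same source is recorded in "success" as a likely guessed credential."""
    failures = defaultdict(list)
    alerts = {}
    for ev in sorted((parse(l) for l in lines), key=lambda e: e["ts"]):
        if ev["LogonType"] != "10":          # only RDP logons matter here
            continue
        src = ev["Src"]
        if ev["eid"] == 4625:
            # keep only failures still inside the sliding window
            failures[src] = [e for e in failures[src] + [ev]
                             if ev["ts"] - e["ts"] <= window]
            if len(failures[src]) >= threshold and src not in alerts:
                alerts[src] = {"failures": len(failures[src]),
                               "users": {e["User"] for e in failures[src]},
                               "success": None}
        elif ev["eid"] == 4624 and src in alerts:
            alerts[src]["success"] = ev["User"]  # brute force paid off
    return alerts
```

A single failed attempt from a normal user (198.51.100.4 above) never reaches the threshold, while password spraying across several account names from one address does.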

Using stolen credentials in the attack, the group also uses admin privileges to kill security services that could detect its actions and then often downloads a ZIP archive stuffed with attacker tools like Mimikatz and the Sysinternals tool ProcDump for the next stages of attack, which focus on dumping credentials from the LSASS process memory and then using an RDP session to exfiltrate the credentials.

Because of all this background work, organizations that manage to clean up a Wadhrama infection often can’t fully remove the persistence mechanisms, leaving the target vulnerable to reinfection. 

The group charges between 0.5 and 2 Bitcoins ($4,500 to $18,268) per compromised machine. The attackers adjust the demand to how critical the machine is perceived to be.

Part of the point of Microsoft’s post is to illustrate why security teams should be enabling features available in Windows Defender ATP, such as tamper protection and even standard safeguards, like security updates and Microsoft’s cloud-delivered antivirus. 

Ryuk is another example of human-operated ransomware that often enters networks via the banking trojan Trickbot. 

“In our investigations, we found that this activation occurs on Trickbot implants of varying ages, indicating that the human operators behind Ryuk likely have some sort of list of check-ins and targets for deployment of the ransomware,” the team writes. 

Microsoft notes that Trickbot is often seen as a low-priority threat and therefore doesn’t get isolated immediately. 

“This works in favor of attackers, allowing them to have long-running persistence on a wide variety of networks. Trickbot, and the Ryuk operators, also take advantage of users running as local administrators in environments and use these permissions to disable security tools that would otherwise impede their actions,” they noted. 

Some companies have made these attacks easier by weakening their own internal security. Microsoft said some successful human-operated ransomware campaigns have been against servers that have antivirus software and other security intentionally disabled, which admins may have done to improve performance. “The same servers also often lack firewall protection and MFA, have weak domain credentials, and use non-randomized local admin passwords,” it said.

Credit: Zdnet