
This ransomware campaign has just returned with a new trick

March 10, 2020

A ransomware campaign has returned with a new trick to fool the unwary into compromising their network with file-encrypting malware. And it’s an attack which many Windows machines won’t even recognise as potentially malicious.

The new variant of Paradise ransomware – which has been active in one form or another since 2017 – spreads via phishing emails, but it’s different from other ransomware campaigns because it uses an uncommon – but effective – file type to infiltrate the network.

This campaign leverages IQY – Internet Query files – which are text files read by Microsoft Excel to download data from the internet. IQY is a legitimate file type, so many organisations won’t block it.

But cybersecurity researchers at Lastline have uncovered a campaign taking advantage of this to spread Paradise ransomware to targeted organisations.

“We’re seeing attacks using IQY files because many commodity security products and automated systems do not, or can not, parse these file types. Attackers realize they have a very good chance of making it past rudimentary defenses,” Richard Henderson, head of global threat intelligence at Lastline, told ZDNet.

The initial phishing messages are designed to look commercial in nature and encourage users to open an IQY attachment. If the victim does this, the IQY file connects to the command and control server run by the attackers, which in turn will drop a PowerShell command that’s used to execute the ransomware on the machine.
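A triage check a mail gateway could run on the IQY attachments described above, as an added example that is not from Lastline or the original article. It assumes the standard web-query layout (a `WEB` line, a version line, then the URL); the function names, the allowlist and the sample hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit


def parse_iqy(text):
    """Return the query type, version and URL, or None if not a web query."""
    # Drop a UTF-8 BOM and blank lines before checking the layout.
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0].upper() != "WEB" or not lines[1].isdigit():
        return None
    return {"type": "WEB", "version": lines[1], "url": lines[2], "extra": lines[3:]}


def triage_attachment(filename, text, allowed_hosts=frozenset()):
    """Return (verdict, reasons) for one attachment's name and decoded text."""
    info = parse_iqy(text)
    named_iqy = filename.lower().endswith(".iqy")
    if info is None:
        if named_iqy:
            return "quarantine", [".iqy name but content is not a valid web query"]
        return "pass", []

    reasons = []
    if not named_iqy:
        # Content sniffing catches a web query hidden behind another extension.
        reasons.append("web query content under a non-.iqy name")
    parts = urlsplit(info["url"])
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        reasons.append("query URL is not https")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("query URL points at a raw IP address")
    if host not in allowed_hosts:
        reasons.append("query host is not on the allowlist")
    return ("quarantine" if reasons else "pass"), reasons


# Constructed samples: one unknown external source, one approved internal source.
SAMPLE_EXTERNAL = "WEB\n1\nhttp://files.example.test/report\n"
SAMPLE_INTERNAL = "WEB\n1\nhttps://intranet.example.com/rates.csv\n"

if __name__ == "__main__":
    print(triage_attachment("invoice.iqy", SAMPLE_EXTERNAL))
    print(triage_attachment("rates.iqy", SAMPLE_INTERNAL, {"intranet.example.com"}))
```

Because the verdict is based on the parsed URL rather than the extension alone, legitimate internal web queries can stay allowed while unknown external sources are held for review.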

Once files are encrypted, the victim is presented with a ransom demand – to be paid in cryptocurrency – in exchange for restored access to the network.

In an effort to further understand the attack, researchers attempted to communicate with the cyber criminals through the chat ‘support’ channel they offer for negotiating access to a decryptor – although they never received a reply, indicating that the current campaign might only be a test run for more expanded distribution of the new version of Paradise.

“Malware authors will often deploy malware that isn’t quite ready for prime time yet – they want to see how successful early versions of a new campaign are and how detectable their malware is against security products,” said Henderson.

The lack of ‘support’ response implies that they are still working out the kinks, and are trying to figure out the best ways for them to make money, he added.

Cybersecurity researchers released a free decryption tool for a previous version of Paradise, but it appears that those behind the attacks are still pushing on.

It’s not known what sort of cyber criminal operation is behind Paradise, although researchers note that the ransomware won’t install on a machine if it detects the language ID as Russian, Kazakh, Belarusian, Ukrainian, or Tatar.

Ransomware continues to plague organisations across the world, with cyber criminals successfully demanding ransom payments worth hundreds of thousands of dollars in bitcoin on a regular basis.

However, one way in which organisations can avoid giving in to the demands of cyber criminals – even if they fall victim to ransomware – is by making sure they have regularly updated offline backups of their systems, so if the worst happens, there’s a fallback option.

Organisations can also go a long way to protecting themselves from ransomware and other malware attacks by regularly applying the appropriate security patches, thus avoiding the possibility of known vulnerabilities in software being exploited by attackers as a means of compromising the network.

Credit: Zdnet
