
A new group of ransomware uses an unprecedented attack method

May 22, 2020

A new report warns of a new method for ransomware attacks: the malware runs a virtual machine (such as VirtualBox) on the target computer and infects it from inside the VM. The attack therefore takes place outside the reach of the antivirus software installed on the computer.

According to the UK-based cybersecurity company Sophos, the ransomware group Ragnar Locker is known to be quite selective in choosing its victims. Ragnar targets companies rather than individual users.

Almost 1,850 BTC in ransom demanded in a single attack

Ragnar Locker demands large sums of money from victims to restore access to their files. It also threatens to release sensitive data if the victims do not pay the ransom.


Sophos cited the attack on the Energias de Portugal network, in which the group stole 10 TB of confidential data and demanded a payment of nearly 1,850 Bitcoin (BTC), about $11 million at press time, in exchange for not releasing the data.

The ransomware’s modus operandi is to exploit vulnerabilities in remote desktop applications on Windows, through which the attackers obtain administrator access to the computer.

With those permissions, the attackers configure the virtual machine so that it can interact with the files on the computer, and then start it. The VM runs a stripped-down version of Windows XP called “Micro XP v0.82”.
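The defensive angle on the technique above is that the host antivirus only ever sees VirtualBox itself, so detection has to look at how the VM is configured and launched rather than at the encryption activity. The following script is an added example, not code from Sophos, Cointelegraph or the Ragnar Locker report; it scans constructed process-creation telemetry (the pipe-separated log format, the user names, the VM name “micro_xp” and the timestamps are all assumptions made for this example) and flags VirtualBox events that share a whole host drive into a guest, start a guest headless, or name a guest after the Micro XP image. The `VBoxManage sharedfolder add … --hostpath` and `VBoxManage startvm … --type headless` command lines are the real VirtualBox syntax for those operations.

```python
"""Flag VirtualBox process-creation events that look like a guest being
staged to reach the host's files (the pattern described for Ragnar Locker).

Added example; the telemetry below is constructed, not a real log.
Format of each line: timestamp|user|image path|command line
"""
import ntpath
import re
from dataclasses import dataclass

# VirtualBox binaries involved in creating, configuring and starting a guest.
VBOX_IMAGES = {"virtualbox.exe", "vboxmanage.exe", "vboxheadless.exe"}

# Matches "--hostpath C:\" or "--hostpath D:" (an entire host drive shared
# into the guest) but not "--hostpath C:\Users\jdoe\src" (an ordinary folder).
DRIVE_ROOT_RE = re.compile(r'--hostpath\s+"?([A-Za-z]:)\\?"?(?=\s|$)', re.I)

# Constructed sample telemetry (assumed format, assumed names).
SAMPLE_LOG = [
    r'2020-05-22T10:14:03Z|CORP\svc_backup|C:\Program Files\Oracle\VirtualBox\VBoxManage.exe|VBoxManage.exe sharedfolder add "micro_xp" --name drive_c --hostpath C:\ --automount',
    r'2020-05-22T10:14:05Z|CORP\svc_backup|C:\Program Files\Oracle\VirtualBox\VBoxManage.exe|VBoxManage.exe startvm "micro_xp" --type headless',
    r'2020-05-22T09:02:11Z|CORP\jdoe|C:\Program Files\Oracle\VirtualBox\VBoxManage.exe|VBoxManage.exe sharedfolder add "devbox" --name src --hostpath C:\Users\jdoe\src',
    r'2020-05-22T09:02:40Z|CORP\jdoe|C:\Program Files\Oracle\VirtualBox\VBoxManage.exe|VBoxManage.exe startvm "devbox" --type gui',
    r'2020-05-22T09:30:00Z|CORP\jdoe|C:\Windows\System32\notepad.exe|notepad.exe notes.txt',
]


@dataclass
class Finding:
    timestamp: str
    user: str
    reasons: tuple
    command_line: str


def analyze_event(line: str):
    """Return a Finding for a suspicious VirtualBox event, or None otherwise."""
    timestamp, user, image, cmdline = line.split("|", 3)
    if ntpath.basename(image).lower() not in VBOX_IMAGES:
        return None  # not a VirtualBox binary at all
    low = cmdline.lower()
    reasons = []
    drive = DRIVE_ROOT_RE.search(cmdline)
    if "sharedfolder add" in low and drive:
        # A guest that can see the whole host drive can encrypt everything on it.
        reasons.append(f"whole host drive {drive.group(1).upper()} shared into guest")
    if "startvm" in low and "--type headless" in low:
        # No console window: nothing for a user at the machine to notice.
        reasons.append("guest started headless (no console window)")
    if "micro xp" in low or "microxp" in low or "micro_xp" in low:
        reasons.append("guest named after the Micro XP image used by Ragnar Locker")
    if not reasons:
        return None
    return Finding(timestamp, user, tuple(reasons), cmdline)


def analyze(lines):
    """Run analyze_event over every line and keep the findings."""
    return [f for f in map(analyze_event, lines) if f is not None]


def findings_by_user(lines):
    """Count suspicious VirtualBox events per user; several in one session is
    a much stronger signal than a single one."""
    counts = {}
    for finding in analyze(lines):
        counts[finding.user] = counts.get(finding.user, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding.timestamp, finding.user, "; ".join(finding.reasons))
```

On the sample data the developer's "devbox" guest, which shares only a project folder and is started with a console, produces no finding, while the two events for the service account are flagged. In a real deployment the same logic would run over EDR or Sysmon process-creation events, and a service or backup account launching VirtualBox at all is itself worth an alert.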

Ransomware tactics are becoming “evil and extreme”

Speaking to Cointelegraph, Brett Callow, threat analyst at the Emsisoft Malware Lab, provided further details about Ragnar Locker:

“It has recently been observed that operators start ransomware from a virtual machine in order not to be recognized by security protocols. Like other ransomware groups, Ragnar Locker steals data and uses the impending introduction as an additional lever to extort payments. If the company doesn’t pay, the stolen data will be posted on the group’s Tor website.”

Callow says the tactics used by ransomware groups are becoming “evil and extreme”: other ransomware groups are now threatening to sell the data to the victim’s competitors, or to use it to attack the victim’s customers and business partners.

The Emsisoft threat analyst adds the following:

“Companies in this situation do not have good options. Even if the ransom is paid, they simply have an evil actor’s false promise that the stolen data will be removed and not misused.”

Recent ransomware attacks

On May 10, Cointelegraph reported on a study by Group-IB that revealed another type of ransomware, spread by banking Trojans, that is used to attack governments and businesses and has raised red flags in the cybersecurity community and at the FBI.

A ransomware gang called REvil also recently threatened to disclose nearly 1 TB of legal secrets stolen from some of the world’s biggest music and film stars, including Lady Gaga, Elton John, Robert De Niro and Madonna.