New Ransomware Employs Never-Before-Seen Attack Method

Published by Cointele

A new study warns of a ransomware attack method that runs a virtual machine on target computers in order to infect them with the ransomware.

This may place the attack beyond the reach of the computer's local antivirus software.

According to the UK-based cybersecurity firm Sophos, the Ragnar Locker attack is quite selective when choosing its victims.

Sophos gave the example of the attack on the network of Energias de Portugal, in which the attackers stole ten terabytes of sensitive data and demanded payment of 1,850 Bitcoin in order not to leak the data.

The ransomware operators' modus operandi is to take advantage of vulnerabilities in the Windows remote desktop app, through which they obtain administrator-level access to the computer.

With the necessary permissions granted, attackers configure the virtual machine to interact with the files.

"The operators have recently been observed to launch the ransomware from within a virtual machine to avoid detection by security products. Like other ransomware groups, Ragnar Locker steals data and uses the threat of its release as additional leverage to extort payment. Should the company not pay, the stolen data is published on the group's Tor site."

Callow claims that the tactics deployed by ransomware groups are becoming ever more "insidious and extreme," considering that the ransomware gangs behind Ragnar Locker now threaten to sell the data to the victim's competitors or use it to attack their customers and business partners.

"Companies in this situation have no good options available to them. Even if the ransom is paid, they simply have a pinky-promise made by a bad faith actor that the stolen data will be deleted and not misused."

Recent ransomware attacks

On May 10, Cointelegraph reported on a study by Group-IB that revealed another type of ransomware that uses banking trojans to attack governments and companies, raising red flags among the cybersecurity community and the FBI. A ransomware gang called REvil also recently threatened to release almost 1TB of private legal secrets from the world's biggest music and movie stars, including Lady Gaga, Elton John, Robert De Niro and Madonna, among others.
