A new study warns of a new ransomware attack method that runs a virtual machine on target computers in order to infect them with the ransomware.
This may place the attack beyond the reach of the computer's local antivirus software.
According to the UK-based cybersecurity firm Sophos, the Ragnar Locker attack is quite selective when choosing its victims.
Sophos gave the example of the network of Energias de Portugal, from which the attackers stole ten terabytes of sensitive data, demanding payment of 1,850 Bitcoin in order not to leak the data.
The ransomware's modus operandi is to take advantage of vulnerabilities in the Windows remote desktop app, through which the attackers obtain administrator-level access to the computer.
With the necessary permissions granted, attackers configure the virtual machine to interact with the files.
"The operators have recently been observed to launch the ransomware from within a virtual machine to avoid detection by security products. Like other ransomware groups, Ragnar Locker steals data and uses the threat of its release as additional leverage to extort payment. Should the company not pay, the stolen data is published on the group's Tor site."
Callow claims that the tactics deployed by ransomware groups are becoming ever more "insidious and extreme", considering that the ransomware gangs behind Ragnar Locker now threaten to sell the data to the victim's competitors or use it to attack their customers and business partners.
"Companies in this situation have no good options available to them. Even if the ransom is paid, they simply have a pinky-promise made by a bad faith actor that the stolen data will be deleted and not misused."
Recent ransomware attacks
On May 10, Cointelegraph reported on a study by Group-IB that revealed another type of ransomware that uses banking trojans to attack governments and companies, raising red flags among the cybersecurity community and the FBI. A ransomware gang called REvil also recently threatened to release almost 1TB of private legal secrets from the world's biggest music and movie stars, such as Lady Gaga, Elton John, Robert DeNiro and Madonna, among others.
New Ransomware Employs Never-Before-Seen Attack Method
Published on May 22, 2020
by Cointele | Published on Coinage