
Researchers from the cybersecurity company Lumu Technologies recently published a quite informative flashcard on ransomware. In 2021 they collected 21,820,764 indicators of compromise related to one of the decisive steps in a ransomware attack: the ransomware precursor.

What is the ransomware precursor?

Specialists from Lumu Technologies note that ransomware attacks do not come out of nowhere. On the contrary, they are often carefully and meticulously orchestrated, and the ransomware precursor is an important part of the whole ensemble.

Attack groups rely on these malware strains to collect the needed information about the targeted network and to prepare the ground for data theft and encryption. Here lies the opportunity: once the ransomware precursor is detected, security teams can stop the full-blown ransomware attack before it happens.

“A full-blown ransomware attack is the end result of a chain that starts with seemingly innocuous malware,” specialists from Lumu Technologies say in the flashcard.

Shutting down all communication with the malicious command-and-control servers ensures that no further compromise takes place. With the help of precursor malware, threat actors move laterally across the network and gain access before actually deploying the malware that will steal and encrypt the data.

[Figure: Ransomware attack chain presented by Lumu Technologies specialists]

To simplify, a ransomware attack chain consists of initial access, which can be phishing, a vulnerability exploit or malware; then comes the precursor malware such as Dridex, Emotet and TrickBot; and the final stage is the actual ransomware that steals and encrypts the data.

Why is it not a good idea to simply pay the ransom?

After encrypting the files, the ransomware demands a ransom payment for the decryption key. Criminals write their ransom notes to persuade the victim that paying the ransom is the cheapest and easiest way out.

But cybersecurity specialists often warn that nothing here is cheap or easy. On the contrary, paying the demanded ransom brings further negative consequences.

The most obvious reason for concern is that you have no real guarantee that you will get your files back, although some threat groups graciously promise to return the data.

Next, you also have no guarantee that no ransomware strain is left in your system. Imagine you have just paid the ransom and here it comes again: YOUR files have been encrypted.

And third, in some countries there are legal consequences to paying the ransom. On top of the problems mentioned above, you will get into trouble with the law.

Lumu Technologies statistics on ransomware precursors

Specialists from Lumu Technologies also compiled short statistics on which specific malware was being used as a ransomware precursor. This kind of information is very helpful to cybersecurity specialists, who can hunt for the concrete threats that appear in their environment.

Emotet, originally a banking trojan that evolved to include malware delivery and spamming, took first place, making up three quarters of the precursor malware detected in 2021. In the ransomware chain it works together with TrickBot to deploy Conti and Ryuk ransomware.

[Figure: Statistics data compiled by Lumu Technologies specialists]

Phorpiex took second place among the most detected precursor malware with 13% in 2021. In the past Phorpiex was used for cryptojacking, but now it is being used to deploy Pony, GandCrab, DSoftCrypt/ReadMe, BitRansomware, Nemty and Avaddon.

Dridex, long known for stealing bank credentials, now deploys BitPaymer and DoppelPaymer. Ursnif has been seen deploying Egregor.
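To show how the precursor stage gives defenders a place to cut the chain (the C2 shutdown described above, combined with the precursor-to-ransomware mapping from these statistics), here is a small detection routine added as an example; it is not Lumu's code. The C2 indicator domains and proxy log lines are constructed placeholders (the `.invalid` TLD is never routable), and the log format is assumed.

```python
# Added example (not Lumu's code): flag proxy-log lines that contact known precursor C2 domains.
import re
from collections import namedtuple

# Ransomware families each precursor has been seen to deploy (as listed in the article).
PRECURSOR_TO_RANSOMWARE = {
    "Emotet": ("Conti", "Ryuk"),
    "TrickBot": ("Conti", "Ryuk"),
    "Phorpiex": ("Pony", "GandCrab", "DSoftCrypt/ReadMe", "BitRansomware", "Nemty", "Avaddon"),
    "Dridex": ("BitPaymer", "DoppelPaymer"),
    "Ursnif": ("Egregor",),
}
# Constructed indicator feed: C2 domain -> precursor family (.invalid is a placeholder TLD).
C2_INDICATORS = {"emotet-c2.invalid": "Emotet", "trick-update.invalid": "TrickBot",
                 "phorpiex-pool.invalid": "Phorpiex"}
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")  # assumed: "<ts> <src_ip> <dst_host> <action>"
Alert = namedtuple("Alert", "src_ip indicator precursor likely_ransomware")

def match_indicator(host, indicators):
    """Exact or parent-domain match: cdn.evil.invalid matches evil.invalid. Returns (domain, family)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        cand = ".".join(labels[i:])
        if cand in indicators:
            return cand, indicators[cand]
    return None, None

def scan(log_lines, indicators=C2_INDICATORS):
    """One Alert per log line whose destination is a known precursor C2 domain."""
    alerts = []
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the whole pass
        _, src_ip, host, _ = m.groups()
        dom, fam = match_indicator(host, indicators)
        if fam:
            alerts.append(Alert(src_ip, dom, fam, PRECURSOR_TO_RANSOMWARE[fam]))
    return alerts

def block_list(alerts):
    """Domains to sinkhole or deny so the precursor cannot fetch its stage-2 payload."""
    return sorted({a.indicator for a in alerts})

SAMPLE_LOGS = [  # constructed
    "2021-06-01T10:00:01Z 10.0.0.5 www.example.com ALLOW",
    "2021-06-01T10:00:07Z 10.0.0.5 emotet-c2.invalid ALLOW",
    "2021-06-01T10:02:15Z 10.0.0.9 cdn.trick-update.invalid. ALLOW",
    "malformed entry",
]
```

Each alert carries the precursor family and the ransomware it is known to stage, so a responder sees which final-stage payload is likely next and which domains to deny before it arrives.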

About Andrew Nail

Cybersecurity journalist from Montreal, Canada. Studied communication sciences at Universite de Montreal. I was not sure whether a journalism job is what I want to do in my life, but in combination with the technical sciences, it is exactly what I like to do. My job is to catch the latest trends in the cybersecurity world and help people deal with the malware they have on their PCs.
