How Faulty Software Development Allows Ransomware to Thrive | Techsaga


Successful attacks on high-profile targets are making ransomware a burning headline in 2021. Ransomware is not an advanced, cutting-edge threat, but the technology behind these attacks poses a serious danger to organizations. Traditionally, ransomware was less capable: attacks encrypted the data on targeted machines, and at most victims paid for the decryption key. Now cybercriminals have started to put the data itself at risk as a threat to extort more money. Software development companies build programs to protect your data from being encrypted.

 

As the world goes global, ransomware payments are going global too. Cryptocurrency has become one of the payment methods; before it, collecting ransom payments from strangers was difficult. Today’s ransomware groups don’t rely on external sources: they are well funded, and they study their victims carefully before striking. Beyond this, some threat groups are state-funded, supporting the national economy.

 

 

Ransomware and how it works: Ransomware is malware that encrypts a victim’s files and demands a ransom before restoring access to the data.

Phishing spam is one of the most common delivery mechanisms for this threat. Victims are likely to receive an email with an attachment impersonating a trusted file; once these files are downloaded and opened, the malware spreads across the victim’s computer, encrypting files and gaining administrative access.

Other ransomware, like NotPetya, exploits security holes to infect computers without even tricking the users. Malware may do other kinds of harm, but file encryption is the most common one.

The encrypted files cannot be decrypted without a mathematical key known only to the attacker. A message is likely to be displayed on the victim’s screen explaining that decryption is not possible without sending a ransom to the attacker.

 

Ransomware Targets: Attackers choose their targets on different criteria. Sometimes they target schools and universities, which have small security teams and a disparate user base, making it easier to reach their files.

Moreover, some organizations are always targets because they tend to pay the ransom immediately. Government agencies and medical facilities need immediate access to their files, which makes them easy targets.

Organizations holding sensitive data, such as law firms, are also willing to pay the ransom quickly, because that information cannot be put at risk.

Ransomware does not only hit organizations: it spreads automatically to anyone’s PC, without discrimination.

 

Acer Attack: In March 2021, the Taiwanese electronics manufacturer Acer was hit by a ransomware attack from the REvil threat group. Modern APT groups use high-pressure tactics to force victims to comply. The attackers demanded $50 million USD from Acer, offering a 20% discount for prompt payment, with the demand rising by a further $50 million USD, to $100 million USD altogether, if Acer refused to pay.

To keep their leverage over the victim, the attackers posted an auction for the stolen Acer data on their leak site: the customer database and other sensitive internal data would be sold to the highest bidder.

The REvil threat group asked for the ransom in Monero (XMR), a secure and untraceable cryptocurrency. Its anonymity and security features are so strong that the United States IRS has offered a $625,000 bounty to whoever cracks the code.

Like Acer, many other high-profile businesses face data breaches; security experts, however, are working hard to analyze the situation in perspective.

 

Kaseya Attack: The REvil threat group launched another ransomware attack on 2nd July 2021, this time against the global IT provider Kaseya.

While many American office workers were out celebrating the extended Independence Day weekend, the threat group exploited a bug in Kaseya’s virtual system administrator (VSA) software. The attackers demanded $70 million USD in ransom for the decryption keys.

This cyber attack happened at the application layer since Kaseya’s VSA had an authentication bypass vulnerability that allowed attackers to compromise the software and distribute malicious payloads. 

 

Preventing Ransomware: Stopping ransomware should be treated as a priority in order to keep your files and sensitive data locked down.

 

Some general steps to improve your defenses are:

  • Keep your PC up to date and patched so that fewer vulnerabilities are left to exploit.
  • Avoid installing files and software whose source you don’t know, and avoid granting any administrative privilege to such files.
  • Install antivirus programs on your system to detect malicious files and programs and protect your PC from such damage.
  • Back up your files to avoid the disruption ransomware causes in the first place.

 

The ransomware market is expanding rapidly, and attackers are making millions by encrypting data. Hospitals and medical organizations are especially tempting to attackers. With lives in their hands, these organizations don’t think twice about paying ransom amounts.

Your antivirus will not necessarily protect you from malware. 75% of companies fall victim to ransomware despite having anti-malware programs.

An organization that follows a DevOps methodology works on keeping things simple and takes care of unprotected data via its antivirus programs.

 
