
Saturday, December 26, 2020

Kaspersky spots new 'disease'-disguising ransomware

12/15/2020 03:05:27 PM


Kaspersky has revealed recently that another ransomware is on the loose, and it is disguised as a 'disease.'

As presented at a virtual conference in which the global cybersecurity company took a large part, the so-called “Ransomware 2.0” goes beyond kidnapping a company’s or an organization’s data. These groups now exploit the increasingly valued digital reputation of their prey to force payment of a hefty ransom. The findings came as Vitaly Kamluk, Director of Global Research and Analysis Team (GReAT) for APAC at Kaspersky, revealed that at least 61 entities from the region were breached by a targeted ransomware group in 2020. Australia and India logged the highest number of incidents across APAC.

Kaspersky said the following industry segments were compromised: 
  • Light Industry - includes the manufacturing of clothes, shoes, furniture, consumer electronics and home appliances
  • Public service
  • Media and Technology
  • Heavy Industry – includes oil, mining, shipbuilding, steel, chemicals, machinery manufacturing
  • Consulting
  • Finance
  • Logistics

“Targeted ransomware has been a problem for many Asian enterprises. Over 61 companies were breached this way in Asia alone. In some cases, the Maze ransomware gang claimed responsibility and published stolen data from the compromised companies,” said Kamluk.

In a press release, Kaspersky cited the Maze group as the most active and the most damaging of all. Formed in summer 2019, the group took about half a year to prepare and launch a full-scale campaign against many businesses. The first victims appeared in November 2019, when the group leaked 700MB of a victim’s internal data online. Many other cases have followed since, and the group has breached at least 334 companies and organizations.

Maze is one of the first groups to use the “pressure tactic,” in which cybercriminals threaten to publicly leak the most sensitive data stolen from victims’ compromised systems via the group’s own website.

“Pressure tactic is a serious threat to public and private organizations. This attack plays on companies’ digital reputation as it threatens to divulge data of a breached entity, compromising its security and its name at the same time,” he added.

Kamluk noted that digitalization has birthed different pressure points for a company. Before, enterprises’ main concerns only included business continuity and, depending on the industry, government regulation. Now, surviving in the era of the digital reputation economy means that they should also be aware of business trust – with their partners and customers – as well as public opinion. 

A recent survey conducted by Kaspersky supports this: 51% of users in APAC agree that a company’s online reputation is essential, while almost half (48%) also admitted that they avoid companies that were involved in a scandal or had received negative news coverage online.

“Maze group just announced that they are closing down, but this gang just triggered the beginning of this trend. A successful targeted ransomware attack is a PR crisis that can damage an organization’s reputation, online and offline. Financial toll aside, fixing one’s name is quite a harder task to take which is why we urge public and private entities to take their security seriously,” adds Kamluk.

To remain protected against these threats, Kamluk advises enterprises and organizations to:
  • Stay ahead of your enemy: make backups, simulate attacks, prepare action plans for disaster recovery.
  • Deploy sensors everywhere: monitor software activity on endpoints, record traffic, check hardware integrity.
  • Never follow the demands of the criminals. Do not fight alone - contact Law Enforcement, CERT, security vendors like Kaspersky.
  • Train your staff while they work remotely: digital forensics, basic malware analysis, PR crisis management.
  • Follow the latest trends via premium threat intelligence subscriptions, like Kaspersky APT Intelligence Service.
  • Know your enemy: identify new undetected malware on-premises with Kaspersky Threat Attribution Engine.
Author: slickmaster | © 2020 The SlickMaster's Files
