
A UK-based cybersecurity firm unveiled new details of a Ragnar Locker ransomware attack that uses a VirtualBox app.
A new study warns of a new ransomware attack method that runs a virtual machine on target computers in order to infect them with the ransomware. This may place the attack beyond the reach of the computer’s local antivirus software.
According to the UK-based cybersecurity firm Sophos, the Ragnar Locker attack is quite selective when choosing its victims. Ragnar’s targets tend to be companies rather than individual users.
Almost 1,850 BTC in ransom demanded in a single attack
Ragnar Locker asks victims for large amounts of money to decrypt their files. It also threatens to release sensitive data if users do not pay the ransom.
Sophos gave the example of an attack on the network of Energias de Portugal, in which the attackers stole ten terabytes of sensitive data and demanded payment of 1,850 Bitcoin (BTC) in order not to leak the data. 1,850 BTC is worth roughly $11 million as of press time.
The ransomware's modus operandi is to take advantage of vulnerabilities in the Windows remote desktop app, through which the attackers obtain administrator-level access to the computer.
With the necessary permissions granted, attackers configure the virtual machine to interact with the files. They then proceed to boot up the virtual machine, running a stripped-down version of Windows XP called “Micro XP v0.82.”
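A defender's view of the technique described above, as an added example that is not from Sophos or the original article: because the ransomware runs inside a guest, the event visible on the host is the hypervisor itself starting. The sketch below flags VirtualBox processes on hosts outside an approved inventory or outside the default install directory; the event fields, host names and paths are constructed assumptions.

```python
import ntpath

# Host-side executables shipped with VirtualBox on Windows.
VBOX_BINARIES = {"vboxheadless.exe", "vboxsvc.exe", "virtualboxvm.exe",
                 "vboxmanage.exe", "virtualbox.exe"}
# Default install directory of a regular VirtualBox setup.
DEFAULT_DIR = ntpath.normcase(r"C:\Program Files\Oracle\VirtualBox")


def flag_unexpected_hypervisor(events, approved_hosts):
    """Return findings for VirtualBox processes that look unsanctioned.

    events: process-creation records with 'host' and 'image' keys
            (assumed schema, e.g. exported from EDR or Sysmon logs).
    approved_hosts: hosts where VirtualBox is an approved install.
    """
    approved = {h.lower() for h in approved_hosts}
    findings = []
    for ev in events:
        image = ntpath.normcase(ev["image"])  # lower-case, backslashes
        if ntpath.basename(image) not in VBOX_BINARIES:
            continue
        reasons = []
        if ev["host"].lower() not in approved:
            reasons.append("host not approved for VirtualBox")
        if ntpath.dirname(image) != DEFAULT_DIR:
            reasons.append("binary outside default install directory")
        if reasons:
            findings.append({"host": ev["host"], "image": ev["image"],
                             "reasons": reasons})
    return findings


# Constructed sample events (hypothetical hosts and paths).
SAMPLE_EVENTS = [
    {"host": "DEV-LAB-01",
     "image": r"C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe"},
    {"host": "FILESRV-02", "image": r"C:\Temp\vm\VBoxHeadless.exe"},
    {"host": "FILESRV-02", "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "HR-PC-17",
     "image": r"C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe"},
]
APPROVED_HOSTS = ["dev-lab-01"]

if __name__ == "__main__":
    for finding in flag_unexpected_hypervisor(SAMPLE_EVENTS, APPROVED_HOSTS):
        print(finding["host"], finding["image"], "; ".join(finding["reasons"]))
```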
Ransomware tactics are getting more “insidious and extreme”
Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, provided more details on Ragnar Locker:
“The operators have recently been observed to launch the ransomware from within a virtual machine to avoid detection by security products. Like other ransomware groups, Ragnar Locker steals data and uses the threat of its release as additional leverage to extort payment. Should the company not pay, the stolen data is published on the group’s Tor site.”
Callow claims that the tactics deployed by ransomware groups are becoming ever more “insidious and extreme”, considering that the ransomware gangs behind Ragnar Locker now threaten to sell the data to the victim’s competitors or use it to attack their customers and business partners.
The threat specialist from Emsisoft adds the following:
“Companies in this situation have no good options available to them. Even if the ransom is paid, they simply have a pinky-promise made by a bad faith actor that the stolen data will be deleted and not misused.”
Recent ransomware attacks
On May 10, Cointelegraph reported on a study by Group-IB that revealed another type of ransomware that uses banking trojans to attack governments and companies, raising red flags among the cybersecurity community and the FBI.
A ransomware gang called REvil also recently threatened to release almost 1TB of private legal secrets from the world’s biggest music and movie stars, such as Lady Gaga, Elton John, Robert De Niro and Madonna, among others.
Source: CoinTelegraph

