Ransomware Gone Berserk
As if ransomware wasn’t bad enough in the past.
As if ransomware 2.0 didn’t make you lose sleep.
If you thought that the pandemic was slowing down cyberattacks.
Sorry to be the bearer of bad news.
We are seeing new ransomware strains pop up at an alarming rate. In just the past couple of months we have seen:
- Avaddon – an email based attack that tries to lure you in by a subject line like Your New Photo? of Do You Like My Photo? The attackers sent out over a million emails in just one week trying to compromise people’s computers. And they have an affiliate program that pays a very generous 65% of any ransom that they generate.
- AgeLocker– uses the Google developed Age encryption tool. They are demanding 7 Bitcoin to unlock your files (about $65,000).
- Conti – probably a successor to Ryuk. New and improved. Can encrypt 32 files at the same time for reduced time to detect before it is all over. It attempts to maximize damage.
- ThiefQuest – This is a piece of Mac wizardry. Not only does it encrypt your files, but it also installs a keylogger, reverse shell and other niceties. They were asking $50 to decrypt, but there is no way to contact the hackers. There is now a free decryptor, but if the goal was really to install the keylogger and back door, maybe they figure that you won’t notice that if you can get your files back.
- WastedLocker – a variant of the EvilCorp malware, it has been targeting U.S. Fortune 500 companies and demanding multi-million dollar ransoms.
- Try2Cry – This ransomware uses infected links and compromised flash drives to share the love. This one, too, seems to be decryptable.
- FileCry – Another amateur attempt. They ask from 0.035 Bitcoin or about $400 at today’s value.
- Aris Locker – This one threatens the user that if they snitch on the hacker, they will delete your data permanently. They are asking for $75 in ransom if paid quickly; $500 otherwise.
While some of these strains are not a serious threat, others are and these are just the strains that this article identified in the last couple of months.
Suffice it to say, ransomware is alive and well and not taking a break during these crazy times.
This means that you better be ready to deal with the situation if one of your employees accidentally opens an infected email and compromises your network. Credit: Cyware