RansomEXX, a ransomware that also affects Linux

The security company Kaspersky recently revealed that it has discovered a Linux variant of the RansomEXX ransomware, marking the first time that a major strain of Windows ransomware has been ported to Linux to support targeted intrusions.

Previously, this ransomware was reported to have been used in attacks against the Texas Department of Transportation, Konica Minolta, the US government contractor Tyler Technologies, the Montreal transit system and, more recently, the Brazilian Superior Court of Justice (STJ).

RansomEXX is among the ransomware families that go after big targets in search of big payouts, knowing that some companies and government agencies cannot afford to sit idle while they recover their systems.

In late 2019, the FBI published a ransomware public service announcement to educate the public about the increasing number of attacks on businesses and organizations in the United States.

“Ransomware attacks are becoming more selective, sophisticated and costly, although the overall frequency of attacks remains constant. Since the beginning of 2018, the incidence of indiscriminate and large-scale ransomware campaigns has decreased dramatically, but losses from ransomware attacks have increased dramatically, according to complaints received by IC3 [Internet Crime Complaint Center] and information on cases from the FBI.”

The FBI has observed that hackers use the following techniques to infect victims with ransomware:

  • Email phishing campaigns: the attacker sends an email containing a malicious file or link, which deploys malicious software when the recipient opens or clicks on it.
    Hackers have traditionally used generic, high-volume spam strategies to deploy their malware, while recent ransomware campaigns have been more targeted.
    Criminals can also compromise a victim's email account using precursor malware, which allows the cybercriminal to use the victim's email account to spread the infection further.
  • Remote Desktop Protocol vulnerabilities: RDP is a proprietary network protocol that enables people to control a computer's resources and data over the Internet.
    Hackers have used brute-force methods, a trial-and-error technique, to obtain user credentials.
    They have also used credentials purchased from darknet marketplaces to gain unauthorized RDP access to victim systems. Once they have RDP access, criminals can deploy a variety of malware, including ransomware, onto those systems.
  • Software vulnerabilities: hackers can exploit security weaknesses in widely used software to take control of victim systems and deploy ransomware. For example, hackers recently exploited vulnerabilities in two remote administration tools used by managed service providers (MSPs) to deploy ransomware on the customer networks of at least three MSPs.
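The RDP brute-force vector above is one of the easiest to spot from a defender's side, because the guessing shows up as a burst of failed remote-interactive logons from one source followed by a success. The following Python script is an added example, not part of the original article or of Kaspersky's or the FBI's material; it parses a constructed, simplified log format (the field names `EventID`, `LogonType`, `TargetUser`, `SourceIP` are assumptions modelled loosely on Windows Security events 4625/4624, not a real export format) and flags source addresses that exceed a failure threshold inside a time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, loosely modelled on Windows Security log exports
# (Event ID 4625 = failed logon, 4624 = successful logon, LogonType 10 = RDP).
# These lines are made up for the example; they are not real telemetry.
SAMPLE_LOG = """\
2020-11-06T10:00:01Z EventID=4625 LogonType=10 TargetUser=administrator SourceIP=198.51.100.23
2020-11-06T10:00:03Z EventID=4625 LogonType=10 TargetUser=admin SourceIP=198.51.100.23
2020-11-06T10:00:05Z EventID=4625 LogonType=10 TargetUser=backup SourceIP=198.51.100.23
2020-11-06T10:00:07Z EventID=4625 LogonType=10 TargetUser=svc_sql SourceIP=198.51.100.23
2020-11-06T10:00:09Z EventID=4625 LogonType=10 TargetUser=administrator SourceIP=198.51.100.23
2020-11-06T10:00:12Z EventID=4624 LogonType=10 TargetUser=administrator SourceIP=198.51.100.23
2020-11-06T10:15:00Z EventID=4625 LogonType=10 TargetUser=jdoe SourceIP=203.0.113.7
2020-11-06T10:20:00Z EventID=4624 LogonType=10 TargetUser=jdoe SourceIP=203.0.113.7
2020-11-06T11:00:00Z EventID=4625 LogonType=2 TargetUser=jdoe SourceIP=-
"""

# Assumed line layout for the constructed format above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<ltype>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$"
)


def parse_events(text):
    """Parse log text into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "eid": int(m["eid"]),
            "ltype": int(m["ltype"]),
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP that produced at least `threshold` failed RDP
    logons (4625 with LogonType 10) inside `window`, noting whether an RDP success
    (4624) from the same IP followed the burst, the signature of a guessed password."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["ltype"] != 10:  # only remote-interactive (RDP) logons are of interest
            continue
        if ev["eid"] == 4625:
            failures[ev["ip"]].append(ev)
        elif ev["eid"] == 4624:
            successes[ev["ip"]].append(ev)

    alerts = []
    for ip, fails in failures.items():
        # Sliding window over this IP's time-ordered failures.
        for i in range(len(fails)):
            j = i
            while j + 1 < len(fails) and fails[j + 1]["ts"] - fails[i]["ts"] <= window:
                j += 1
            count = j - i + 1
            if count >= threshold:
                burst_end = fails[j]["ts"]
                followed = [s for s in successes[ip] if s["ts"] > burst_end]
                alerts.append({
                    "ip": ip,
                    "failed_attempts": count,
                    "users_tried": sorted({f["user"] for f in fails[i:j + 1]}),
                    "success_after_burst": bool(followed),
                })
                break  # one alert per IP is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)):
        print(alert)
```

On the constructed input the script raises a single alert for 198.51.100.23 (five failures across four account names in eight seconds, then a success), while the lone failure from 203.0.113.7 and the non-RDP logon type 2 event are ignored. The `success_after_burst` flag is the field worth alerting on with priority, since it marks the point where password guessing turned into an actual foothold from which ransomware can be deployed.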

CrowdStrike, a cybersecurity technology company, found that there had been a significant increase in ransomware attacks aimed at the "big game."

Because these operators know that their victims are sensitive to downtime, the victims are more likely to pay a ransom regardless of its cost. Some likely targets include:

  • Health care
  • Manufacturing companies
  • Managed services
  • Government agencies

During the past year there was a paradigm shift in the way these operators work. Several of them realized that attacking desktops first is not a lucrative business, as companies tend to restore affected systems from backup images to avoid paying the ransom.

In numerous incidents in recent months, some ransomware operators have not bothered to encrypt workstations and have instead primarily targeted critical servers within a company's network, knowing that by attacking these systems first, companies would be unable to access their data.

The fact that the RansomEXX operators are creating a Linux version of their Windows ransomware is in line with this thinking, since many companies run internal systems on Linux rather than only on Windows Server.

Source: https://securelist.com
