
The new dangerous ransomware trick is encrypting your data twice


Ransomware groups have always taken a more-is-more approach. If a victim pays the ransom and returns to business as usual, hit them again. Or don't just encrypt a target's systems; steal their data first, so you can threaten to leak it if they don't pay. The latest escalation? Ransomware hackers who double-encrypt a victim's data at the same time.

Double-encryption attacks have occurred before, typically when two separate ransomware groups compromise the same victim at the same time. But the antivirus company Emsisoft says it is aware of dozens of incidents where the same actor or group layers two types of ransomware on top of each other.

“These groups are constantly figuring out what the best strategies are, the ones that bring in the most money for the least amount of effort,” says Emsisoft threat analyst Brett Callow. “The victim decrypts their data and discovers that it is not really decrypted at all.”

Some victims receive two ransom notes at the same time, which Callow says means the hackers want victims to be aware of the double-encryption attack. In other cases, however, victims see only one ransom note and learn about the second encryption layer only after paying for the removal of the first.

“Even in a standard case of single-encryption ransomware, recovery is usually a complete nightmare,” says Callow. “But we’re seeing this double-encryption tactic often enough that we think it’s something organizations should consider when analyzing their response.”

Emsisoft has identified two different tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. The other is what Emsisoft calls an “adjacent encryption” attack, in which attackers encrypt some systems in an organization with ransomware A and others with ransomware B. In this case, the data is encrypted only once, but the victim would need both decryption keys to unlock everything. The researchers also warn that in this adjacent scenario, attackers take steps to make the two different strains of ransomware look as similar as possible, making it more difficult for those responding to the incident to sort out what is happening.
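An added example, not part of the original article: a post-decryption check responders could run to see whether files are actually readable after the first key has been applied, which is where a hidden second layer, or a second strain on other hosts, shows up. The host/path layout, the 7.5 bits-per-byte cut-off and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Well-known leading bytes of common formats: PDF, ZIP/OOXML, PNG, JPEG.
MAGIC = (b"%PDF-", b"PK\x03\x04", b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff")
ENTROPY_LIMIT = 7.5  # bits/byte; assumed cut-off, tune on your own data

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes) -> str:
    """Return 'restored' or 'suspect' for one file after a decryptor run."""
    # Check signatures first: valid ZIP/JPEG/PNG content is also high entropy.
    if data.startswith(MAGIC):
        return "restored"
    if shannon_entropy(data[:65536]) >= ENTROPY_LIMIT:
        return "suspect"  # no known header and looks like ciphertext
    return "restored"

def triage(files: dict) -> dict:
    """Count verdicts per host; host = first path component (assumed layout)."""
    report = {}
    for path, data in files.items():
        host = path.split("/", 1)[0]
        report.setdefault(host, Counter())[classify(data)] += 1
    return report

def ciphertext_like() -> bytes:
    """Constructed stand-in for encrypted content: 4 KiB of SHA-256 output."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

# Constructed sample: fs01 decrypted cleanly, ws07 is still unreadable.
SAMPLE = {
    "fs01/report.pdf": b"%PDF-1.7\n" + b"stream data " * 200,
    "fs01/notes.txt": b"quarterly notes\n" * 50,
    "ws07/budget.xlsx": ciphertext_like(),
    "ws07/scan.png": ciphertext_like(),
}

if __name__ == "__main__":
    for host, counts in triage(SAMPLE).items():
        print(host, dict(counts))
```

Hosts that still report suspect files after the first decryptor has run need a second look before they are declared recovered. A file whose header survived intact passes the signature check, so treat a "restored" verdict as a first filter rather than proof.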

Ransomware gangs often work on a revenue-sharing model, in which one group builds and maintains the ransomware strain and then rents out its attack infrastructure to “affiliates” who carry out specific attacks. Callow says double encryption fits this model, allowing customers who want to launch attacks to negotiate splits with groups that can each offer a different strain of malware.

The question of whether to pay digital ransoms is thorny and important. Ransomware victims who choose to pay must already be wary that the attacker may not actually give them a decryption key. But the rise of double encryption as a strategy adds the risk that a victim could pay, decrypt their files once, and then find they have to pay again for the second key. As a result, the threat of double encryption makes the ability to restore from backups more crucial than ever.

“Restoring from backups is a long and complex process, but double encryption doesn’t make it any more difficult,” Callow says. “If you decide to rebuild from backups, you start over, so it doesn’t matter how many times the old data has been encrypted.”

For ransomware victims who do not have adequate backups, or who do not want to take the time to rebuild their systems from scratch, double-encryption attacks pose an additional threat. If the fear of double-encryption attacks makes victims less likely to pay across the board, though, attackers may back away from the new strategy.

