Inside a ransomware gang’s attack toolbox
2020-05-28 18:10

If you're a Naked Security Podcast listener, you'll have heard Sophos's own Peter Mackenzie telling some fairly wild ransomware stories.

Last week, for example, we wrote about an attack by the Ragnar Locker crew in which they wrapped a 49KB ransomware executable - a file created specifically for one victim, with the ransom note hard-coded into the program itself - inside a Windows virtual machine that served as a sort of run-time cocoon for the malware.

The crooks deployed a pirated copy of the VirtualBox virtual machine software to every computer on the victim's network, plus a VM file containing a pirated copy of Windows XP, just to have a "walled garden" for their ransomware to sit inside while it did its cryptographic scrambling.

That's far from everything that today's crooks bring along for a typical attack, as SophosLabs was able to document recently when it stumbled upon a cache of tools belonging to a ransomware gang known as Netwalker.

Cloud storage has changed all that, and ransomware crooks are now commonly stealing some or all of your data first, before unleashing their ransomware.


News URL

https://nakedsecurity.sophos.com/2020/05/28/inside-a-ransomware-gangs-attack-toolbox/