Security News > 2020 > May > Inside a ransomware gang’s attack toolbox

If you're a Naked Security Podcast listener, you'll have heard Sophos's own Peter Mackenzie telling some fairly wild ransomware stories.

Last week, for example, we wrote about an attack by the Ragnar Locker crew in which they wrapped a 49KB ransomware executable - a file created specifically for one victim, with the ransom note hard-coded into the program itself - inside a Windows virtual machine that served as a sort of run-time cocoon for the malware.

The crooks deployed a pirated copy of the Virtual Box virtual machine software to every computer on the victim's network, plus a VM file containing a pirated copy of Windows XP, just to have a "Walled garden" for their ransomware to sit inside while it did its cryptographic scrambling.

That's far from everything that today's crooks bring along for a typical attack, as SophosLabs was able to document recently when it stumbled upon a cache of tools belonging to a ransomware gang known as Netwalker.

Cloud storage has changed all that, and ransomware crooks are now commonly stealing some or all of your data first, before unleashing their ransomware.

News URL

https://nakedsecurity.sophos.com/2020/05/28/inside-a-ransomware-gangs-attack-toolbox/