Cybersecurity experts have discovered a malicious campaign that takes less than a minute to execute and has proven to give BIG paydays to the criminals using it. The attack ends with you getting a pretty awful strain of ransomware, leaving your files completely encrypted and your workers unable to get essentially anything done.
Discovered late in December, this attack has been spreading through cybercrime rings. It steals documents, browser histories (including cookies that may be storing your online passwords or filled-in information), currency, and data from two-factor authentication programs, including messages with verification codes. On top of all of this, the attack can also take screenshots of your computer, capturing and sending away any sensitive information that could be up on your screen.
Lastly, hackers and criminals can customize the attack to specify which types of data they are interested in. If you're in healthcare, be wary that these attackers are specifically looking for personally identifiable information contained within health records!
This latest attack, which has been termed Vidar, is found in exploit kits that budding criminals can purchase for a few hundred bucks on the Dark Web. Everything they need is in the kit: the campaign messaging, the ransomware virus (it turns out this virus is GandCrab) and all the malvertising needed to get users to click.
There are even streaming videos that explain how to implement the campaigns and use this attack for big payoffs.
Cyber experts' analyses found that this is a command and control attack, which means that the virus depends on getting specific commands from the attacker and continually sends data back to the attacker's computer. The data the attacker gets from the compromised machine includes machine specs, running processes, installed applications, the IP address and the ISP being used. All of this information is sent back in the form of text files.
Experts believe that attackers are looking for additional exploits to penetrate further into businesses and organizations before initiating a big ransomware attack.
BUT if the attacker is motivated to attack, the kit is equipped to execute on your network and completely lock down your files, all within a minute of the initial infection. This one-minute lockdown method was what raised eyebrows in the cybersecurity field.
What makes this attack novel and especially potent is its multi-pronged approach to getting in and infecting. It uses digital ads, data-theft Trojans and ransomware to lock users out of their machines.
If your business or organization is not prepared for ransomware attacks, you certainly will not be ready for this stealthy one-minute attack mechanism.