Ransomware attack compromises entire organization within hours


A new ransomware attack observed by cybersecurity analysts allowed attackers to achieve a “domain wide” compromise of a victim’s systems within four hours of their initial access, raising fears that this type of attack could target both private companies and government agencies.

The DFIR Report published an April 25 analysis of a ransomware attack that used a package of malware tools to gain widespread access to the targeted victim’s computer systems just three hours and 44 minutes after the initial intrusion. The attack represented an “extremely short” time to ransom and likely came to the victim organization through an email attachment, DFIR wrote.

The DFIR blog post described the attackers using several pieces of malware to gain access to the target organization’s IT systems, spread through its networks, and encrypt its data. Human attackers also appeared to take active roles in the attack, with “hands-on-keyboard” activity by the hackers about two hours after the initial malware installation.

The so-called Quantum ransomware attack has cybersecurity professionals worried about its use against other targets.

Given U.S. tensions with Russia, this new attack could be repurposed to attack government agencies, said Chris Olson, CEO of The Media Trust, a cybersecurity provider.

“Unfortunately, the U.S. government suffers from an IT modernization gap, which renders civilian and intelligence agencies, critical infrastructure providers, and private contractors vulnerable to ransomware and other encryption-based attacks,” he told the Washington Examiner.

The speed to ransom for the Quantum ransomware attack is concerning, but the time until major damage in ransomware attacks is already “very fast,” Olson added. In some cases, ransomware attackers are able to encrypt some files within 45 minutes, he noted.

“Ultimately, this means that it is futile to respond to ransomware and encryption attacks after the fact,” he added. “To protect themselves, organizations must pivot to prevention over treatment.”

The attack appears to be a rebranded version of Mount Locker, a ransomware-as-a-service tool that’s been active since mid-2020, noted Anurag Gurtu, chief product officer at StrikeReady, another cybersecurity vendor. Mount Locker “uses free, legitimate tools to move, steal, and encrypt files,” he told the Washington Examiner.

The Quantum ransomware attack uses IcedID, a piece of malware that is used by many hacking groups and can act as a dropper for other malware, security experts noted.

“There is no organization that is immune to these attacks, and it must take immediate steps to protect itself from them,” Gurtu added. “During these situations, advanced red teaming and threat intelligence feeds should be relied upon.”

The malware tools used by the attackers were not new, but the hackers’ methods seemed to suggest an aggressive approach, some security experts said.

“What is concerning here is the speed at which the activities post-breach were conducted, which shows increasing coordination of post-breach activities and an awareness that many environments are not equipped to handle fast-moving attacks,” said Jeremy Peterson, product manager of the security portfolio at Involta, a cloud computing provider.

Similar attacks have been directed at all levels of government and will continue, particularly in a tense political climate worldwide, he added. “But we must also be aware that these types of attacks are not limited to certain government entities or businesses,” Peterson told the Washington Examiner. “In today’s world, everyone is a potential target.”

Peterson recommended that organizations look to automation and artificial intelligence to assist in their cybersecurity efforts. AI and machine learning can help security technicians “sort through the massive amount of data that must be analyzed to catch these types of attacks as quickly as possible — to either prevent the attack before it starts or to control the spread as quickly as possible to minimize any impact,” he said.




