As enterprises are busy transitioning to digitalisation to cope with the Covid-19 impact, cyber criminals seem to have fine-tuned the nature of their attacks. From ransomware, they seem to have moved to ransomhack, posing a ‘double trouble’.


“Advanced ransomware attacks like WannaCry, Petya, Ryuk and GandCrab used to only encrypt disks or files and demand a ransom payment in return for a decryption key,” Seqrite, an IT security and data protection services company, said.

“Now, a new ransomware trend is observed which not only encrypts user files but also exfiltrates private and sensitive information. On denial of ransom, adversaries threaten to release hijacked information in public,” it said.

This is double trouble for organisations: exposing sensitive data in public has severe GDPR (General Data Protection Regulation) implications. In either case, businesses are likely to have to pay to carry on their activities. This tactic is called ransomhack or double extortion.


“Maze, DoppelPaymer, Ryuk, Lockbit, Netwalker, Mountlocker, and Nefilim are a few ransomware operators using double extortion techniques. We expect this trend to continue in 2021 as well,” Seqrite said.

Healthcare, pharma sectors targeted

Cyber security experts at Seqrite have said that healthcare and pharma companies, which have been on the frontline of the fight against the coronavirus pandemic, are also facing a new wave of ransomware attacks and extortion demands of late.

“Though a few ransomware operators agreed to not attack the healthcare sector during the Covid-19 crisis, several other attack groups have continued to use ransomware against this sector, largely because of the sensitive and personal data of patients they store,” it said.

A large number of hospitals, Covid-19 research firms and pharma companies have fallen victim to ransomware in the last quarter of 2020.

In the last quarter, Seqrite discovered Operation SideCopy, an advanced persistent threat (APT) attack on the Indian Defence forces. There will be similar attacks in 2021 that will attempt to breach critical infrastructure, it said.

Seqrite said CobaltStrike, a powerhouse of ethical hackers, is now in the hands of cyber criminals. The threat emulation toolkit is often used for post-exploitation, covert communication, and browser pivoting, among other malicious purposes. It can be repurposed to deploy any type of payload, be it ransomware or a keylogger, into the target systems, it said.

Recently, the source code of ‘CobaltStrike’ was leaked on GitHub. This will allow malware authors to make customised changes in the source code or tweak it to evade detection.

Remote work infra

Seqrite has also witnessed attacks on remote work infrastructure, with the pandemic forcing businesses and organisations to let their staff work from home.

“This must be managed and configured with great precision. IT administrators need to update and patch the software, operating systems and anti-virus software,” it said.

Cybersecurity experts also expect more attacks in the cryptocurrency transactions space. “The cryptocurrency prices are at an all-time high currently and are expected to rise even more in 2021,” it said.
