Hackers Are Hunting for Bigger Game with New Version of Ransomware

Pinchy Spider and GandCrab sound like scoundrels in a super-hero comic book, but they are real-life villains in the business world. Learn how to defend your company against the Pinchy Spider hacking group’s latest tactics and its newest version of the GandCrab ransomware.

Back in January 2018, a hacking group known as Pinchy Spider launched the GandCrab ransomware. It quickly became a dangerous form of ransomware, thanks to the group continually making adaptations to it.

Pinchy Spider has not slowed down in its quest to make GandCrab more deadly. Researchers recently discovered that a new version of the ransomware is making the rounds. Just as important, they discovered signs that Pinchy Spider is trying to catch bigger prey with it.

The Growing Trend of Big Game Hunting

Big game hunting is a growing trend among cybercriminals. To quickly increase revenue, hackers are turning to more targeted attacks of bigger game. For example, instead of sending phishing emails to the masses to spread malware, cybercriminals are using reconnaissance and sophisticated delivery methods to reach specific targets that will yield more profits.

Big game hunting fits well with Pinchy Spider’s “ransomware-as-a-service” business. In other words, it lets other cybercriminals (aka “customers”) use the malware it creates to carryout cyberattacks for a share of the profit. Typically, the hacker group uses a 60-40 ratio to split the profits, where 60% goes to the customers. However, Pinchy Spider is now advertising that it is willing to negotiate up to a 70-30 split for “sophisticated” customers. This change coupled with the fact that Pinchy Spider is actively recruiting hackers with networking, Remote Desktop Protocol (RDP), and virtual network computing experience is leading security analysts to believe that Pinchy Spider is hopping onto the big game hunting bandwagon.

GandCrab Well Suited for Big Game Hunting

GandCrab is well suited for targeted attacks of bigger game. While most ransomware is distributed through phishing emails, GandCrab takes a different route to its victims. It is distributed through exploit kits. Cybercriminals use these kits to find and exploit known software vulnerabilities in order to carry out malicious activities. In this case, Pinchy Spider created several exploit kits to look for weaknesses in the Java Runtime Environment, Adobe Flash Player, Microsoft Internet Explorer, and other software. If found, the kits exploit the vulnerabilities to launch VBScript, JavaScript, and other types of code that installs GandCrab.

Once the ransomware is installed on a computer, it does not immediately start encrypting the files on it. Instead, it lays dormant while the hackers try to use RDP and credentials they stole from the compromised machine to access and install the ransomware on other computers — preferably hosts or servers — in company’s network. In one instance, the cybercriminals were able to access a business’s domain controller (DC). They then used the IT systems management application installed on the DC to deploy GandCrab throughout the network.

When the hackers have finished infecting the targeted computers, they trigger GandCrab to start encrypting files with an RSA algorithm. GandCrab then demands payment in Dash (a form of cryptocurrency) to decrypt the files. While most ransomware blackmailers demand one payment to unlock the files on all the infected machines, Pinchy Spider and its customers request payment on a per-computer basis, especially if hosts or servers have been compromised.

How to Protect Your Business against GandCrab

Taking several measures can go a long way in protecting against a GandCrab attack:

  • Patch known vulnerabilities by regularly updating all software on each computer in your company, including workstations, hosts, and servers. Patching will eliminate many of the vulnerabilities that exploit kits use to access machines.
  • Make sure the security software is being updated on each computer. Even hosts and servers should be running security software. It can help defend against known ransomware threats and other types of malware attacks.
  • Secure RDP. Hackers like to exploit RDP to access businesses’ hosts and servers, so it needs to be secured. There are several ways to do this, such as deploying an RDP gateway and limiting who can use RDP to log in to the network.
  • Use two-step verification for the service and software accounts on your hosts and servers. That way, even if a password is compromised, it cannot be used to gain access to those accounts. If using two-step verification (also known as two-factor authentication) is not possible, at least use strong account passwords and implement an account lockout policy to foil brute force password-cracking attacks.
  • Regularly back up files and systems, and make sure the backups can be successfully restored. Although having restorable backups will not prevent a GandCrab attack, you won’t have to pay the ransom if the attack is successful.

We can help you implement these measures as well as provide recommendations on how to further protect against GandCrab and other types of ransomware.

Locky ransomware: source code flickr photo by Christiaan Colen shared under a Creative Commons (BY-SA) license


Are Your Employees Inadvertently Exposing Your Company’s Sensitive Data?

The ease in which employees can now share information coupled with current cultural trends is causing accidental data leaks in many businesses. Learn how to prevent employees from accidentally exposing your organization’s sensitive data.

The number is eye-opening: 83% of companies believe that employee errors have put sensitive business and customer data at risk of exposure, according to a study by Egress. More than 1,000 security professionals at US-based companies participated in this study.

The study also identified the technologies that most often involved in this type of accidental data leak. Email services provided by both on-premises systems and cloud service providers (e.g., Google Gmail) topped the list. Examples of email-based accidents include sending emails to the wrong address (which can easily occur when the auto-completion feature is enabled) and forwarding messages that contain sensitive information.

Other technologies that are commonly involved in accidental data leaks by employees include:

  • File-sharing services (e.g., Dropbox)
  • Collaboration tools (e.g., Slack)
  • Messaging apps (e.g., WhatsApp)

The common denominator among these technologies is that they all are tools for sharing information.

The Perfect Storm and Its Aftermath

The ease in which employees can now share information coupled with current cultural trends is causing “the perfect storm” for accidental data leaks, according to Mark Bower, Egress Chief Revenue Officer and NA general manager. “The explosive growth of unstructured data in email, messaging apps, and collaboration platforms has made it easier than ever for employees to share data beyond traditional security protections,” said Bower. “Combine this with the growing cultural need to share everything immediately, and organizations are facing the perfect storm for an accidental breach,” he said.

The damage caused by this perfect storm could be grim. For example, suppose an employee emails a sensitive file that is not protected in any way to several coworkers for review. One of the coworkers might review the document on an unsecured personal device (e.g., a smartphone), opening up the possibility that it could fall into hackers’ hands. Or, the coworker might mistakenly forward the message to another employee, not realizing that the person should not be looking at the file.

Sending sensitive documents via file-sharing services adds another risk. Some of these services offer a feature that synchronizes files put in a shared folder across all registered devices. If an employee places a sensitive file in a shared folder without knowing that folder’s members, the file might be sent to multiple people who should not be seeing it.

How to Avoid Getting Caught in the Storm

To minimize the number of accidental data leaks caused by employee errors, companies might consider taking some of the following precautions:

  • Document the company’s rules regarding the sharing of sensitive data in a new or existing policy. If sharing is allowed, be sure to specify the conditions under which it is sanctioned and create procedures on how to properly share this data.
  • Provide employee training. After documenting the rules and procedures, let employees know about them. Be sure to discuss what is considered sensitive data and how accidental leaks can occur.
  • Use encryption. Encryption is one of the most effective ways to protect sensitive data that has accidentally fallen into the wrong hands. Various encryption strategies exist to meet different needs.
  • Limit employee access to sensitive data. Employees might not realize or might forget that certain types of data are sensitive. By using access controls, you can prevent them from obtaining and sharing that data.
  • Use a solution that automatically identifies sensitive files and prevents them from being copied into emails or other tools.

Every company should document its rules regarding the sharing of sensitive data and train employees. The other precautions to take, though, will depend on your business’s data, operations, and employees. We can explain the different encryption strategies, types of access controls, and other types of solutions so you can make an informed choice.

women entreprenurs serious brainstorming credit to https://1dayreview.com flickr photo by 1DayReview shared under a Creative Commons (BY) license