Ransomware-as-a-Service is After Your Servers
As the amount of Ransomware-as-a-Service increases, the volume and ferocity of ransomware attacks will only increase. The latest ransomware catching companies off guard is going straight for your operations’ jugular: your production server.
The malware, named PureLocker because it has been written in the PureBasic programming language, is fitted with several features that allow it to evade detection. By using PureBasic, attackers benefit because sometimes security vendors struggle to generate reliable detection signatures for malware written in this language. Also, PureBasic is transferable between Windows, Linus and OS-X, meaning cybercriminals can more easily target different platforms.
If the malware determines that it’s running in a debugger environment, it exits right away. Also, the payload deletes itself after execution. The malware does not lock all files on a compromised system, avoiding executables. Encrypted items are easy to recognize by the .CR1 extension that is appended after the process.
A ransom note is left on the system desktop in a text file called “YOUR_FILES.” No ransom amount is demanded, instead victims are told to contact the cybercriminals at a Proton email address, listing a unique account for every device that is compromised.
These attacks are being launched against servers, specifically, with the goal of holding them hostage and only returning them to operation after a cryptocurrency ransom has been paid. Ransomware attacks against servers often lead to demands for payments of hundreds of thousands of dollars in exchange for decrypting the systems, and can be accompanied by a threat to destroy the data if the ransom isn’t paid.
It is believed that PureLocker is being offered as Ransomware-as-a-Service and the service is only available to cybercriminal operations that can afford to pay a significant sum.
Paying ransoms supports cybercriminal businesses and perpetuates attacks. You are feeding money back into the beast and giving them more opportunities to create new attack methods. The best prevention is to ensure you have the proper security solutions in place and that you partner with an IT consulting firm that has your back, all the time. 2W Tech is a full-service IT consulting firm that specializes in manufacturing solutions. Cybersecurity is one of our areas of expertise, so give us a call today to learn more. Don’t let your organization become the next victim to Ransomware-as-a-Service.