Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

FBI sounds the alarm over virulent new ransomware strain

Image Description

A virulent new ransomware strain has infected at least 60 different organizations in the last two months, the FBI has warned.

In a Flash report, published late last week, the intelligence agency said that BlackCat, a known ransomware-as-a-service actor, compromised these organizations using a strain written in RUST.

This is somewhat unusual given that most ransomware is written in C or C++. However, the FBI believes these particular threat actors opted for RUST as it’s considered to be a “more secure programming language that offers improved performance and reliable concurrent processing.”

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Mitigations and defenses

BlackCat, also known as ALHPV, usually demands payment in Bitcoin and Monero in exchange for the decryption key, and although the demands are usually “in the millions”, has often accepted payments below the initial demand, the FBI says.

BlackCat also has strong ties to Darkside (aka Blackmatter), the FBI further explains, suggesting that the group has “extensive networks and experience” in operating malware and ransomware attacks. 

The attack usually starts with an already compromised account, which gives the attackers initial access to the target endpoint. The group then compromises Active Directory user and administrator accounts, and uses Windows Task Scheduler to configure malicious Group Policy Objects (GPOs), to deploy the ransomware.

Initial deployment uses PowerShell scripts, in conjunction with Cobalt Strike, and disables security features within the victim’s network.

Read more

> Ransomware attacks saw a huge rise in 2021

> What it takes to fight the ransomware pandemic

> Ransomware payments hit a new all-time high last year

The attackers are then said to download as much data as possible, before locking up the systems. And they even look to pull data from any cloud hosting providers they could find. 

Finally, with the help of Windows scripting, the group seeks to deploy ransomware onto additional hosts.

The FBI has also created a comprehensive list of recommended mitigations, which include reviewing domain controllers, servers, workstations, and active directories for new or unrecognized user accounts; regularly backing up data, reviewing Task Scheduler for unrecognized scheduled tasks, and requiring admin credentials for any software installation processes.

Date

25 Apr 2022

Sources

Share

Other Blog

  • Intel’s NUC M15 laptop to launch in 2021

    Intel is not really known for making its own hardware, of this level, so this should be interesting

    Read More

  • Budget Intel Arc Alchemist GPU may come with 6GB memory

    Intel's Arc Alchemist budget graphics card looks like it will come with 6GB of memory, if a leaked photo is accurate.

    Read More

  • DDR5 RAM prices could be bad news for your wallet

    Next-gen RAM is always a lot more expensive than current products of course, but the pricing misery is going to be more intense with DDR5 system RAM, according to a fresh forecast.

    This comes from hardware maker MSI, which has produced a FAQ-style blog post on DDR5 memory (spotted by Overclock3D) which will soon be on sale, and can be used with Intel’s theoretically imminent Alder Lake processors.

    MSI covers various issues including the expected pricing, with DDR5 estimated to command a 50% to 60% premium compared to current DDR4 asking prices, which is a good chunk heftier than the typical rise with the introduction of new memory.

    As MSI notes: “Historically, newer memory technology has always commanded close to a 30-40% premium over the previous generation. However, this time, DDR5 includes additional components that have driven the costs up further.”

    Prices will stay inflated for some time, but that’s nothing new and it is always the case that a new standard of RAM will remain costly for some time. As MSI underlines, it takes around two years before pricing normalizes, or in other words, when DDR5 is expected to reach the same kind of price tags as the ones seen on DDR4 now.

    Analysis: RAM raiding your wallet (probably)

    In its FAQ, MSI points out that Kingston will launch DDR5 sticks at the same time as Intel unleashes its Alder Lake CPUs and motherboards, which will be the only platform that supports DDR5. Naturally, other RAM makers will be on the case too.

    Indeed, as you may know, technically DDR5 is already available to buy, with TeamGroup having released DDR5 RAM kits way back in June, at least in limited fashion in some regions. Currently you can have these shipped from China (ordered from Newegg US), but really, it’s pointless to purchase right now given that there’s nothing to actually put this new system memory into. Not until those aforementioned Intel 12th-gen chips and their Z690 motherboards arrive.

    The launch price of that TeamGroup RAM was $400 (around £290, AU$535) for a 32GB, 4,800MHz kit (but it’s also worth noting that to have it shipped from China right now will cost $790 – around £570, AU$1,055 – via Newegg US). The recommended price isn’t too much of an increase on 4,000MHz DDR4, in actual fact, but wider DDR5 RAM costs will likely be a good deal higher as suggested here. Particularly when component shortages and potential stock issues – a constant plague on the tech industry right now – make themselves felt.

    Furthermore, remember that 4,800MHz will be entry-level for DDR5 and there will be much faster RAM sticks out there, which will be correspondingly more expensive, and indeed perhaps even thinner on the ground, again leaving the conceivable prospect of asking prices being hiked up well above the recommended levels.

    Depending on the price premium Intel exacts for its new 12th-gen silicon – with some rumors reckoning it could be a bit of a jump from Rocket Lake – when you roll into the equation the further expense of DDR5, and a shiny new Z690 motherboard, those making the leap to an entirely new Alder Lake PC could be looking at a steep premium for their machine (on top of the existing additional costs for components in short supply already like GPUs).

    Via VideoCardz

    Read More

  • Apple Find My network could be abused to siphon data from nearby devices

    Researchers have discovered a flaw in Apple’s Find My system that allows arbitrary data to be lifted from nearby devices.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us