June 2, 2020

New Strain of Ransomware

Ransomware, a form of malicious software that locks up data, systems, and networks until a sum of money is paid to cyberthieves, is making headlines for various reasons this week.

Microsoft issued an advisory warning organizations worldwide to take measures to protect themselves against PonyFinal, a relatively new strain of ransomware leveraged in “human-operated” attacks. In these attacks, the targeted organizations are carefully selected and the network is breached using brute-force tactics to guess weak passwords. Human-operated attacks are distinct from those that are deployed in a more randomly selected fashion, using email or exploit kits that trick end users into launching malicious software. Microsoft has said that PonyFinal is one of several strains of ransomware that have targeted healthcare organizations during the COVID-19 pandemic. More information is linked below.

Besides human-operated attacks, another trend in ransomware is the accompanying threat to auction the victim’s data. Brian Krebs reports that attackers are “doubly extorting” targets, demanding one payment for a key to unlock files rendered inaccessible by the malware, and a second payment to permanently delete data, rather than selling or publishing it on the Dark Web.

An important way to mitigate the threat of ransomware is to back up data, in several forms wherever possible, with at least one backup that is stored off-system.

Additional information, as well as Office of Information Security resources, can be found below.

More Info

ZDNet article: Microsoft warns about attacks with the PonyFinal ransomware

Krebs on Security: REvil Ransomware Gang Starts Auctioning Victim Data

MITRE ATT&CK Techniques: Data Encrypted for Impact

Office of Information Security Resources

Ransomware infographic

World Backup Day infographic

Malware and Ransomware Risk Advisory

Emotet Malware online training
