
New Ransomware Attacks Use Powerful Encryption to Prevent Analysis and Avoid Detection

August 17, 2018

Source: IBM Security – August 16, 2018

Security researchers have reverse-engineered the updated GandCrab ransomware and discovered new features that improve its ability to avoid detection and prevent defense teams from analyzing it.

First discovered in January, GandCrab is now the most powerful threat of its kind, whether targeted at a single person or an entire company, according to a July 31 McAfee threat report.

GandCrab is similar to its peers in that it tricks users into installing it, locks them out of their devices, and demands payment in cryptocurrency before restoring access. These new ransomware attacks can be introduced through various attack vectors, from traditional phishing emails to Trojan horses, fake programs, and exploit kits.

New ransomware attacks hidden in encryption layers

While a number of bugs in GandCrab's code suggest that the ransomware is not the work of professionals, according to the researchers, it has unique features that should put security teams on high alert. Newer versions, for example, use an algorithm called Salsa20 to encrypt files instead of slower and less efficient alternatives such as Advanced Encryption Standard (AES) and RSA.

By generating random Salsa20 keys and initialization vectors for each file, GandCrab essentially protects itself with a series of layers of encryption that prevent victims from opening their files again. Security teams would need a private key to access the embedded public key. Also, because GandCrab deletes itself and all shadow volumes that could remain on an infected device, it is difficult for researchers to learn about the new ransomware after the fact.
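
The shadow volume deletion described above is one of the few steps of such an attack that shows up in process-creation logs. The following is an added example, not code from the article or from IBM: the pipe-delimited log format, the host and process names, and the command patterns (common Windows shadow copy utilities, not commands the article attributes to GandCrab) are all assumptions.

```python
import re

# Command-line patterns commonly associated with shadow copy removal.
# Assumption: these are well-known Windows utilities, not commands
# that the article attributes to GandCrab.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup)\b", re.I),
]

def parse_event(line):
    """Split a 'key=value|key=value' record into a dict (constructed format)."""
    fields = {}
    for part in line.strip().split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def find_shadow_copy_deletion(lines):
    """Return (host, parent, command line) for every matching process event."""
    hits = []
    for line in lines:
        event = parse_event(line)
        cmd = event.get("cmdline", "")
        if any(p.search(cmd) for p in SHADOW_DELETE_PATTERNS):
            hits.append((event.get("host"), event.get("parent"), cmd))
    return hits

# Constructed sample events, not taken from a real incident.
SAMPLE_EVENTS = [
    "host=WS-014|parent=explorer.exe|cmdline=notepad.exe C:\\Users\\a\\notes.txt",
    "host=WS-014|parent=invoice.exe|cmdline=wmic.exe shadowcopy delete",
    "host=SRV-02|parent=cmd.exe|cmdline=vssadmin.exe Delete Shadows /All /Quiet",
    "host=SRV-02|parent=services.exe|cmdline=vssadmin.exe list shadows",
]

if __name__ == "__main__":
    for host, parent, cmd in find_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f"ALERT {host}: {parent} -> {cmd}")
```

Listing shadow copies (the last sample event) is not flagged; only deletion and storage-resize commands match.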

Defend your data with last resort containment

Given how quickly this ransomware has become valuable to cybercriminals and the promotion it may be getting in clandestine forums, it is not always possible to keep GandCrab off corporate networks. In its “Ransomware Answer Guide”, IBM X-Force recommends a method called last resort containment to help organizations respond when they cannot quickly or easily find out where new ransomware attacks are coming from.
