Malware Goes Beyond Ancient Jigsaw
November 04, 2021

Grayson Milbourne
Carbonite + Webroot

Ransomware is no stranger to corporate networks, as it poses huge risks and even larger recovery efforts that are quite costly. Successful ransomware attacks can result in locked systems, stolen identity, data held hostage — all of which can wreak chaos and disaster to the targeted organizations.

When ransomware reaches its target, it's practically game over. The malware encrypts files and spreads to the entire system to maximize damage, which forces many companies to lock down networks to stop the propagation.

Ancient Malware - Jigsaw

While encryption is used everywhere, it's not to be confused with hashing or obfuscating files because even though they are combined, they are not the same.

■ Hashing and obfuscating techniques are helpful for evading detection tools

■ Ransomware takes your data hostage because of encryption

Each uses different types of cryptography, from modern symmetric ciphers to asymmetric ciphers with the idea being to prevent any reverse operation without a key.

Many ransomware strains display a "special note" after the encryption mandating that the only way to decrypt the files is to send bitcoins to the criminals' wallet. However, as we know, some forms of ransomware are decryptable, and the ransom does not need to be paid or the burden should not fall solely on cyber insurance. For example, an ancient malware, Jigsaw, first coined in 2016, contains the key used to encrypt files in the source code; we recently saw this type of attack surface again this year within Morse code, proving that even as malware continues to evolve, criminals will use whatever works, meaning businesses need to be aware of not just evolving threats but also old ways of attack.

Doubling Down - Ransomware Evolves

Recent attacks don't just encrypt data — the malware is also able to exfiltrate critical information before the encryption. As ransomware protection improves, especially with removal and recovery strategies, hackers are turning to using stolen data as new leverage so they can still threaten the victims if they do not pay the ransom — enter double ransomware threats.

We've recently observed threat actors adopting a ‘double extortion' model in which they encrypt the target's data and not only demand a ransom for its return but also leverage additional payment incentives to add pressure on the victim to pay the ransom. Some threat actors will even use a more targeted approach and threaten to publicly release and/or auction the data unless the victim pays up, communicating the risks of not meeting compliance within the global GDPR and the hundreds of data privacy policies and laws.Two such examples are Conti and REvil, both on our 2021 Nastiest Malware list, who have been known to publish leaked data onto dark web sites if ransoms are not paid.

To Know Your Back Up Plan is to Really Know Your Data

A critical way to improve cyber resilience — your ability to withstand attacks and ensure continued access to your data — is to have a solid backup strategy. However, efforts can become futile if organizations forget to clearly list and identify their requirements, then test their procedures regularly to prevent massive failures at the worst moments.

Data protection is all about risk mitigation and you need to ask yourself a few key questions to have the most comprehensive plan:

1. How does your data tie into your business operations or your revenue, and does the data need to be archived?

2. Does the data live in a legacy system where it might be subject to regulatory frameworks which could expose your business to penalties if data is breached?

3. What is the data your business cannot function without?

4. How long might it take to restore that data?

5. What might it cost to fully restore?

The End is Not Near

Cybercriminals will continue to refine their approaches and experiment with different business models as evolutionary ransomware attacks place enormous stress on the availability of services and data streams.

While those adversaries will, without doubt, continue to look for additional ways to put pressure on victims to maximize their chances of getting paid, you can be empowered to preserve what is most valuable to you today by deploying strong cyber resiliency practices, both now and in the future.

Grayson Milbourne is Security Intelligence Director for Carbonite + Webroot
Share this

Industry News

December 02, 2021

Mirantis announced DevOpsCare, powered by Lens, a vendor-agnostic, fully-managed CI/CD (continuous integration/continuous deployment) product for any Kubernetes environment, offering developers higher levels of productivity more quickly.

December 02, 2021

The D2iQ Kubernetes Platform (DKP) is now available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services, Inc. (AWS).

December 01, 2021

Bugcrowd announced the availability of Bugcrowd's cybersecurity solutions on the AWS Marketplace, providing customers with easy access, simplified billing, quick deployment, and streamlined license management.

December 01, 2021

Kublr received Microsoft Azure Arc-enabled Kubernetes validation, including for Azure Arc-enabled Kubernetes for Data Services.

December 01, 2021

CloudSphere achieved Amazon Web Services (AWS) Migration and Modernization Competency for discovering, planning, and helping enterprise customers move business services to AWS to reduce cost, increase agility and improve security.

November 30, 2021

JFrog introduced a new container registry and package manager for running JFrog Artifactory with Kubernetes clusters on-premises, in the cloud, or both.

November 30, 2021

Docker announced the availability of Docker Official Images directly from Amazon Web Services (AWS).

November 30, 2021

Weaveworks announced the general availability of Weave GitOps Enterprise, a GitOps platform that automates continuous application delivery and Kubernetes operations at any scale.

November 30, 2021

Amazon Web Services announced AWS Mainframe Modernization, a new service that makes it faster and easier for customers to migrate mainframe and legacy workloads to the cloud, and enjoy the superior agility, elasticity, and cost savings of AWS.

November 29, 2021

Quali announced the newest release of Torque Enterprise, which includes enhanced integration with Terraform, new custom tagging capabilities, and improved cost visibility dashboards, unleashing an entirely new level of self-service access to application environments on demand.

November 29, 2021

Vertical Relevance (VR), a financial services-focused consulting firm, achieved Amazon Web Services (AWS) DevOps Competency status.

November 18, 2021

Loft Labs announced the launch of Loft version 2 with a focus on ease of use that overcomes the major complaint that Kubernetes is complex and hard to set up.

November 18, 2021

Perforce Software announced new functionality to speed remediation of discovered defects in automated scans.

November 18, 2021

Lacework raised $1.3 billion in growth funding at a valuation of $8.3 billion.

November 17, 2021

Parasoft announced the 2021.2 release of Parasoft C/C++test, the unified C and C++ development testing solution for embedded applications.