Ransomware becoming dangerous with double encrypting users data
By MYBRANDBOOK
Ransomware groups have always taken a more-is-more approach. Double-encryption attacks have happened before, usually stemming from two separate ransomware gangs compromising the same victim at the same time. But antivirus company Emsisoft says it is aware of dozens of incidents in which the same actor or group intentionally layers two types of ransomware on top of each other.
Emsisoft threat analyst Brett Callow, says, “The groups are constantly trying to work out which strategies are best, which net them the most money for the least amount of effort. So in this approach you have a single actor deploying two types of ransomware. The victim decrypts their data and discovers it’s not actually decrypted at all.”
Some victims get two ransom notes at once, Callow says, meaning that the hackers want their victims to know about the double-encryption attack. In other cases, though, victims only see one ransom note and only find out about the second layer of encryption after they've paid to eliminate the first.
Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. The other path involves what Emsisoft calls a “side-by-side encryption” attack, in which attacks encrypt some of an organization's systems with ransomware A and others with ransomware B. In that case, data is only encrypted once, but a victim would need both decryption keys to unlock everything. The researchers also note that in this side-by-side scenario, attackers take steps to make the two distinct strains of ransomware look as similar as possible, so it's more difficult for incident responders to sort out what's going on.
Ransomware gangs often operate on a revenue-sharing model, where one group builds and maintains a strain of ransomware and then rents its attack infrastructure to “affiliates” who carry out specific attacks. Callow says that double encryption fits into this model by allowing clients who want to launch attacks to negotiate splits with two gangs that can each provide a distinct strain of malware.
The question of whether to pay digital ransoms is a thorny and important one. And ransomware victims who choose to pay already need to be wary of the possibility that attackers won't actually supply a decryption key. But the rise of double encryption as a strategy raises the additional risk that a victim could pay, decrypt their files once, and then discover that they need to pay again for the second key. As a result, the threat of double encryption makes the ability to restore from backups more crucial than ever.
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
TVS ELECTRONICS LTD.
TATA CONSULTANCY SERVICES
FRESHWORKS TECHNOLOGIES PVT. LTD.
HP INDIA SALES PVT. LTD.
Technology Icons Of India 2023: Byju Raveendran
Byju Raveendran is the founder of edutech start-up Byju’s. Raveendra...
Technology Icons Of India 2023: Madhabi Puri Buch
Madhabi Puri Buch is the chairperson of the securities regulatory body...
Technology Icons Of India 2023: Mukesh D. Ambani
An Indian billionaire businessman Mukesh Dhirubhai Ambani is currently...
INDIANOIL helps reach precious petroleum fuels to every nook and corner of the country
IndianOil, a diversified, integrated energy major with presence in alm...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
TCIL continues to strengthen India with its technology expertise
TCIL undertakes consultancy & turnkey projects in the field of Telecom...
RAH INFOTECH
RAH Infotech is India’s fastest growing technology value added dist...
TECH DATA, A TD SYNNEX COMPANY
Tech Data Corporation was an American multinational distribution compa...
ADITYA INFOTECH LTD.
Aditya Infotech Ltd. (AIL) – the technology arm of Aditya Group, is ...