Explore the elusive nature of some variants of ransomware, which can set up, hide, and become an advanced persistent threat that sleeps quietly and can reactivate even after the ransom has been paid.
- [Narrator] We now must be mindful that there are some variants of ransomware that can set up, hide, and then become an advanced persistent threat that sleeps quietly and can reactivate even after you have paid the ransom. Let's look at the two different attacks. A ransomware attack blocks access to a system until the victim has paid a ransom. An advanced persistent threat gains access to a computer's system and remains undetected for weeks, months, and even years.
Once in the system, the advanced persistent threat quietly conducts a reconnaissance exercise and searches for anything of value, all the while reporting back to the mothership via a covert channel. The advanced persistent threat waits for the opportunity to launch an attack, to steal information from the system such as user accounts, passwords, and other valuable information. Here we see a comprehensive report on ransomware-related events over a timeframe from May 2016 to November 2017.
The incidents are visually broken down into different categories that include new ransomware, updates of existing strains, decryptors released, and other ransomware-related news. Malware creators are now combining ransomware and an advanced persistent threat. One variant discovered in February 2017 is DynA-Crypt, which is more than just ransomware in that it is a variant that marries a ransomware attack with an advanced persistent threat to become a superbug, resulting in repercussions that last even after the victim pays the ransom.
Here, we can see DynA-Crypt is more than just ransomware. It encodes the victim's data and then steals various personally identifiable information. I'm at this webpage where we can see that developer kits are available on the dark web for about $50 in Bitcoin currency. Here we see an image of DynA-Crypt, which is called DynA-Crypt or Dynamite Malware Creation Kit, which has an easy-to-use interface to customize your attack.
DynA-Crypt first delivers the ransomware attack and then after the victim pays the ransom, the data is decrypted and then DynA-Crypt embeds the advanced persistent threat within the system, quietly waiting for the right time to launch a second attack which can result in more substantial and unexpected damage. As we can see with the readily available code on the dark web, we will most likely see more of this type of blended threat.
As a result, we must be more diligent with our cybersecurity.
- How ransomware works
- Types of ransomware
- Safeguarding Windows
- Securing your router
- Updating software and operating systems
- Spam, phishing, and spoofing
- Reporting ransomware