More Ransomware to be aware of
New ransomware threats have emerged over the past months, as reported by the FBI. Definitely not great news and the last thing any business or cybersecurity team wants to hear. Threats and FBI? You know it’s serious. And it is, as the FBI has flagged two new ransomware types looking to wreak havoc on unprepared targets.
The names of the new dastardly duo are LockerGoga and MegaCortex, and though they sound like failed garage-band albums, they’re quite successful as malware. Their goal is to hijack and control a target network and then hold it ransom. How, you may ask? SQL injections, phishing attacks, stolen login credentials, and/or exploits found on a network.
None of those are good, and if you noticed, there’s a common theme: they result (mostly) from human error. This is the case with ransomware attacks and malware exploits in general.
However, LockerGoga and MegaCortex use an additional step, according to the FBI. Cobalt Strike, a secondary program, conducts ‘penetration tests’ on a compromised device in order to sniff out additional weaknesses in network security. This is bad, because those who implement the ransomware won’t act on it for a while, typically for several months (it’s worth noting this is a common tactic by third parties).
During this period information is collected, with the goal of locating and encrypting the most valuable data. Once it’s encrypted, it’s difficult to get that information back, if not impossible. The best tactic for ransomware is prevention.
What You Can Do
Okay, so it’s a huge bummer. “Don’t get ransomware, very helpful,” you say.
But not to worry, there are several things your enterprise can do to reduce the risk of contracting this strain of ransomware.
- Set strict security guidelines and credentials for your staff, management included
- Limit who can navigate and access important intranet networks and create a layered virtual network, if not set up already
- Utilize 2FA (two-factor authentication) on all mobile devices
- Update all software, firmware, and apps
- Monitor group directory and administrative groups for unauthorized users
- Block any ports that are open or set to “listening”
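One way to act on the "monitor administrative groups" item above, shown as an added example that is not code from the FBI notice or from Bytagig: compare the output of `net localgroup Administrators` with an approved baseline. The sample output, account names and baseline are constructed for illustration, and English-language command output is assumed.

```python
# Constructed sample of `net localgroup Administrators` output (not from a real host).
SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
corp\\HelpDesk-Tier2
CORP\\svc_update
The command completed successfully.
"""

# Hypothetical approved baseline; in practice this comes from change management.
APPROVED_ADMINS = {"Administrator", "CORP\\Domain Admins",
                   "CORP\\helpdesk-tier2", "CORP\\it-ops"}


def parse_members(output):
    """Return the names listed between the dashed rule and the status line."""
    members, in_list = [], False
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("---"):
            in_list = True
        elif in_list and line.lower().startswith("the command completed"):
            break
        elif in_list and line:
            members.append(line)
    return members


def audit_admins(output, approved):
    """Compare current members with the baseline, ignoring case as Windows does."""
    approved_keys = {name.casefold(): name for name in approved}
    current_keys = {name.casefold(): name for name in parse_members(output)}
    unauthorized = sorted(current_keys[k] for k in current_keys.keys() - approved_keys.keys())
    missing = sorted(approved_keys[k] for k in approved_keys.keys() - current_keys.keys())
    return {"unauthorized": unauthorized, "missing": missing}


if __name__ == "__main__":
    report = audit_admins(SAMPLE_OUTPUT, APPROVED_ADMINS)
    for name in report["unauthorized"]:
        print(f"ALERT unauthorized administrator: {name}")
    for name in report["missing"]:
        print(f"NOTE approved account no longer a member: {name}")
```

Run on a schedule and alert on any "unauthorized" entry; given the months-long dwell time described above, a new administrator account is often one of the few visible signs before encryption starts.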
Still having trouble? You can also consider working with an MSP to help resolve cybersecurity issues, shore up weaknesses, and implement robust network monitoring.
For more information, contact Bytagig to learn about how we can help you.