Fraud Alert: Beware of New Cheap Junk Gun Ransomware
Most Bollywood films of yore had a scene where the villain would hold someone dear to the good guy to ransom to force the hero to do his bidding—like signing on a paper or agreement to transfer assets, etc. Fast forward to 2024 and you hardly find such scenes in films or television serials. Instead, criminals are smoothly and successfully using the same formula in cyberspace to extract money from victims by getting hold of their data and files (read: using encryption). 
 
Welcome to ransomware! 
 
Ransomware is malicious software (malware) designed to block access to a computer system, files, or data until a sum of money, or ransom, is paid. Ransomware attacks, typically, involve encrypting the victim's files or locking them out of their system, with the promise of restoring access upon ransom payment. 
 
Nothing in cyberspace or the cybercrime world remains static—it changes and turns more chilling with every advancement of technology which constantly provides new tools to criminals to keep them ahead of ordinary internet users. 
 
For example, over the past decade, cybercriminals have used the traditional affiliate-based ransomware-as-a-service (RaaS) model to carry out attacks and extort money from victims. However, security solutions provider Sophos found 19 'junk gun' ransomware variants—cheap, independently produced and crudely constructed ransomware variants—on the dark web. 
 
It says, "The developers of these junk gun variants are attempting to disrupt the traditional affiliate-based RaaS model that has dominated the ransomware racket for nearly a decade. Instead of selling or buying ransomware to or as an affiliate, attackers are creating and selling unsophisticated ransomware variants for a one-time cost-which other attackers sometimes see as an opportunity to target small and medium-sized businesses (SMBs) and even individuals."
 
According to Sophos, over the past two months, some of the biggest players in the ransomware ecosystem have disappeared or shut down, while some ransomware affiliates are venting their anger over the profit-sharing scheme of RaaS. 
 
"Nothing within the cybercrime world stays static forever, and these cheap versions of off-the-shelf ransomware may be the next evolution in the ransomware ecosystem, especially for lower-skilled cyber attackers simply looking to make a profit rather than a name for themselves," says Christopher Budd, director, threat research, Sophos.  
 
As noted in the Sophos report, the median price for these junk-gun ransomware variants on the dark web was US$375, significantly cheaper than some kits for RaaS affiliates which can cost more than US$1,000. The report indicates that cyber attackers have deployed four of these variants in attacks. While the capabilities of junk-gun ransomware vary widely, their biggest selling points are that the ransomware requires little or no supporting infrastructure to operate, and the users are not obligated to share their profits with the creators. 
 
"These types of ransomware variants are not going to command the million-dollar ransoms like Clop and Lockbit but they can indeed be effective against SMBs, and for many attackers beginning their 'careers’, that is enough. While the phenomenon of junk gun ransomware is still relatively new, we have already seen posts from their creators about their ambitions to scale their operations, and we have seen multiple posts from others talking about creating their own ransomware variants," Mr Budd adds.
 
While ransomware attacks are mostly targeted towards businesses, with the new cheap junk guns, the days are not far when individuals will also get hit by them. 
 
Basically, ransomware can inflict significant harm in four ways: financial loss, data loss or theft, disruption of services and reputational damage.
 
Ransomware attackers, typically, demand payment in exchange for restoring access to encrypted files or systems. Victims may suffer financial losses from paying the ransom or the costs associated with recovering or replacing affected systems.
 
In addition to encrypting files, ransomware may also exfiltrate sensitive data before encryption. This stolen data can be used for further extortion or sold on the dark web, leading to potential identity theft or other privacy breaches.
 
Ransomware attacks can also disrupt essential services and activities by encrypting critical files or systems. This can lead to downtime for businesses, loss of productivity and disruption of personal activities.
 
If data is compromised or services are disrupted, the victims, including businesses or individuals, may suffer reputational damage, especially if they cannot protect sensitive information or maintain the integrity of their systems.
 
While the remaining 100% protected from ransomware or any cyber threat is not possible, here are a few suggestions to help stay protected from new junk gun ransomware attacks...
 
1. Take regular backups: Regularly back up your important files and data on external devices or cloud storage. This ensures that you can restore your files without paying the ransom, even if your files on the device under attack are encrypted by the criminals.
 
2. Update software: Keep your operating system (OS), antivirus software and other applications up-to-date with the latest security patches. Ransomware attackers often exploit vulnerabilities in outdated software.
 
3. Use antivirus and anti-malware software: Install good antivirus and anti-malware software on your devices and keep them updated. These programs can monitor and help detect and remove ransomware threats before they cause harm.
 
4. Remain cautious online: Be cautious when clicking on links or downloading attachments from unfamiliar or suspicious emails, websites, or social media messages which may contain ransomware or other malware.
 
5. Use firewall: Firewalls on your devices help monitor and control incoming and outgoing network traffic, thereby blocking unauthorised access and potential ransomware infections.
 
6. Disable remote desktop protocol (RDP): If you do not need it, consider disabling RDP to prevent unauthorised access to your system through this remote access tool which is often targeted by ransomware attackers.
 
7. Use strong, unique passwords: Use strong, complex passwords for your accounts. You may also consider using a password manager with the highest encryption levels to securely store and manage your password. Needless to say, avoid using the same password for multiple accounts.
 
8. Educate yourself: Learn and understand common ransomware tactics and stay informed about the latest threats. Also, be wary of social engineering techniques used by attackers to trick individuals into installing ransomware.
 
Stay Alert, Stay Safe!
Comments
Fraud Alert: Apple Warns about Mercenary Spyware, Android Users Facing 'eXotic Visit' Espionage Campaign
Yogesh Sapkale, 12 April 2024
While most Indians are busy with the Indian Premier League (IPL) and the Lok Sabha elections, this week turned out to be quite alarming for mobile users, in terms of newer threats and cyberattacks. Apple has issued a threat...
Free Helpline
Legal Credit
Feedback