Ransomware attack on the database of the University of Madras
By MYBRANDBOOK
In a recent incident at the University of Madras, the database was hit by a ransomware (malicious software) attack: the data was encrypted and the attacker demanded a ransom of Rs 18 lakh to restore access to it.
With targeted ransomware attacks on the rise, and as Sophos predicted in its 2019 Threat Report, we're going to see even more such threats emerge. SophosLabs has uncovered Matrix, a targeted ransomware attack that is flying under the radar. While Matrix has been around since 2016, it is a good example of what a copycat targeted attack would look like.
In the latest Matrix ransomware report* released today, SophosLabs identifies brute-force attacks on weak Remote Desktop Protocols (RDP) as the common thread between various strains of targeted ransomware, including Matrix, BitPaymer, Dharma, SamSam, and Ryuk. However, Matrix is unique because it targets a single machine, rather than spreading through an organization, like SamSam. While this part of the attack is less sophisticated than others, Matrix also comes equipped with a “Swiss Army knife” of malware that helps it carry out its attack. Another difference is that Matrix cybercriminals force victims to message them directly to show proof of encryption before they disclose their ransom demand and amount.
The trend for targeted ransomware continues: Matrix Deconstructed
* Sophos released a report that delves into Matrix ransomware
* Primary means of access is through firewalls that have the Remote Desktop Protocol enabled
* As highlighted in Sophos’ 2019 Threat report, targeted ransomware attacks are gaining in prominence
Matrix ransom notes are embedded in the attack code, but victims don't know how much they must pay until they contact the attackers. For most of Matrix's existence, the authors used a cryptographically-protected anonymous instant messaging service, called bitmsg.me, but that service has now been discontinued and the authors have reverted to using normal email accounts. The threat actors behind Matrix make their demand for cryptocurrency ransom in the form of a U.S. dollar value equivalent. This is unusual as demands for cryptocurrency normally come as a specific value in cryptocurrency, not the dollar equivalent. It's unclear whether the ransom demand is a deliberate attempt at misdirection, or just an attempt to surf wildly fluctuating cryptocurrency exchange rates. Based on the communications SophosLabs had with the attackers, ransom demands were for US$2,500, but the attackers eventually reduced the ransom when researchers stopped responding to demands.
Matrix is very much the Swiss Army Knife of the ransomware world, with newer variants able to scan and find potential computer victims once inserted into the network. While sample volumes are small, that doesn't make it any less dangerous; Matrix is evolving and newer versions are appearing as the attackers improve on lessons learned from each attack.
In Sophos’ 2019 Threat Report we highlighted that targeted ransomware will be driving hacker behavior, and organizations need to remain vigilant and work to ensure they are not an easy target.
Sophos recommends implementing the following four security measures immediately:
* Restrict access to remote control applications such as Remote Desktop (RDP) and VNC
* Complete, regular vulnerability scans and penetration tests across the network; if you haven’t followed through on recent pen-testing reports, do it now. If you don’t heed the advice of your pentesters, the cybercriminals will win
* Multi-factor authentication for sensitive internal systems, even for employees on the LAN or VPN
* Create back-ups that are offline and offsite, and develop a disaster recovery plan that covers the restoration of data and systems for whole organizations, all at once