ShredOS is a stripped-down operating system designed to destroy data.
GitHub page here.
Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks.
The Trojan corrupts any data that’s not vital for the functioning of the operating system. It doesn’t affect files with extensions .exe, .dll, .lnk, .sys or .msi, and ignores several system folders in the C:\Windows directory. The malware focuses on databases, archives, and user documents.
So far, our experts have seen only pinpoint attacks on targets in the Russian Federation. However, as usual, no one can guarantee that the same code won’t be used against other targets.
Nothing leading to an attribution.
News article.
Slashdot thread.
Cyderes, a cybersecurity risk management firm from Missouri, has discovered that corrupting files is proving cheaper, faster and less likely to be detected by security solutions. For this reason, some hacking groups that were involved in ransomware attacks have set up a separate group of threat actors who are assigned the job of targeting corporate networks and corrupting files.
Security firm Stairwell, in collaboration with Cyderes, has discovered that ransomware actors are now threatening their victims with destroying files instead of encrypting them until a ransom is paid.
That is, until now we have seen threat actors spreading file-encrypting malware and holding the files until a demanded ransom is paid in Bitcoin or other cryptocurrencies. But now, they are adopting a tactic of copying data from one file to another if their victim cannot pay a ransom.
Technically, it is proving easy and cannot be flagged by anti-malware solutions, as they cannot classify it as suspicious activity. Another reason for its adoption is that it can be completed within 1/4th of the time needed to encrypt files.
BlackCat ransomware, aka Alphv ransomware, has been seen carrying out such operations and has already targeted two companies in South Korea and a company in Ukraine.
It’s unclear whether only a single malware-spreading group is using such direct data destruction tactics or whether this will become a global trend among other ransomware-spreading threat actors.
The post Corrupting files is easy than spreading Ransomware appeared first on Cybersecurity Insiders.