Old is now new in the ransomware landscape. Attackers are becoming more efficient by recycling code. Addressing such threats therefore requires a thorough understanding of the threat landscape, combined with appropriate training in good cyber hygiene.
Ransomware has a tendency to repeat itself. Ransomware threat actors have begun recycling code from publicly available sources, and the new Nokoyawa ransomware campaign has been observed evolving through exactly this strategy.
Here’s a closer look at this variant and what businesses should do to be secure given the current landscape of threat recycling.
New Windows ransomware called Nokoyawa first surfaced at the start of this year. The initial samples discovered by FortiGuard researchers were collected in February 2022 and share a large amount of code with Karma, a ransomware that can be linked to Nemty through a long series of variants. Fortinet researchers first reported on the Nemty ransomware family in 2019.
The researchers recently discovered a new variant of the ransomware campaign, which they found to be evolving by reusing code from publicly accessible sources. The three new features in the April 2022 samples increase the number of files that Nokoyawa can encrypt. Recent ransomware families already have these features, so their addition only shows that Nokoyawa’s developers are attempting to keep up with other operators in terms of technical capability.
The majority of the extra code was copied verbatim from publicly accessible sources, including the Babuk ransomware source that was leaked in September 2021. For example, the threat actors added the ability to terminate services and processes; this reduces the number of files held open and locked by other programs, so the encryption routine can reach and encrypt those files. The code matches Babuk’s implementation exactly, down to the service names and the list of targeted processes.
Nokoyawa also uses the same code taken from the leaked Babuk source to enumerate and mount volumes so that it can encrypt the files on those volumes.
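The service- and process-termination behaviour described above leaves a defender-visible trace: many services stopping on one host within a few seconds, which the Windows Service Control Manager records as System log Event ID 7036 ("service entered the stopped state"). The following is an added detection example, not code from the article or from Fortinet's analysis. It assumes a simplified one-line-per-event log rendering; the hostnames, timestamps and service names in the sample are constructed for the example and do not correspond to Nokoyawa's or Babuk's actual service list.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not from any real incident): simplified renderings of
# Windows System log entries. Event ID 7036 is the real Service Control Manager
# "The <name> service entered the <state> state." message; the service names,
# hosts and times here are invented for the example.
SAMPLE_LOG = """\
2022-04-12T10:14:58Z host=WS01 EventID=7036 msg=The Print Spooler service entered the running state.
2022-04-12T10:15:01Z host=WS01 EventID=7036 msg=The BackupSvc service entered the stopped state.
2022-04-12T10:15:01Z host=WS01 EventID=7036 msg=The DbSvc service entered the stopped state.
2022-04-12T10:15:02Z host=WS01 EventID=7036 msg=The MailSvc service entered the stopped state.
2022-04-12T10:15:02Z host=WS01 EventID=7036 msg=The VssSvc service entered the stopped state.
2022-04-12T10:15:03Z host=WS01 EventID=7036 msg=The SearchIdx service entered the stopped state.
2022-04-12T10:15:04Z host=WS01 EventID=7036 msg=The OfficeSync service entered the stopped state.
2022-04-12T11:00:00Z host=WS02 EventID=7036 msg=The Windows Update service entered the stopped state.
2022-04-12T11:30:00Z host=WS02 EventID=7036 msg=The Windows Update service entered the running state.
"""

# Assumed log layout for this example; adapt the pattern to the real export format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) EventID=(?P<eid>\d+) "
    r"msg=The (?P<svc>.+?) service entered the (?P<state>\w+) state\.$"
)


def parse_service_stops(log_text):
    """Return (timestamp, host, service) for every 7036 event whose state is 'stopped'."""
    stops = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["eid"] != "7036" or m["state"] != "stopped":
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        stops.append((ts, m["host"], m["svc"]))
    return stops


def detect_service_stop_bursts(log_text, window_seconds=60, threshold=5):
    """Flag hosts where at least `threshold` distinct services stopped within
    `window_seconds`. Uses a per-host sliding window and returns
    {host: sorted service names in the largest qualifying burst}.

    A single service stopping (WS02 below) is normal administration; a burst of
    unrelated services stopping together is the pattern worth alerting on.
    """
    by_host = defaultdict(list)
    for ts, host, svc in parse_service_stops(log_text):
        by_host[host].append((ts, svc))

    alerts = {}
    window = timedelta(seconds=window_seconds)
    for host, events in by_host.items():
        events.sort()  # chronological order per host
        start = 0
        best = set()
        for end in range(len(events)):
            # Advance the window start until all events fit inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            current = {svc for _, svc in events[start:end + 1]}
            if len(current) >= threshold and len(current) > len(best):
                best = current
        if best:
            alerts[host] = sorted(best)
    return alerts


if __name__ == "__main__":
    for host, services in detect_service_stop_bursts(SAMPLE_LOG).items():
        print(f"ALERT {host}: {len(services)} services stopped within 60s: {services}")
```

On the constructed sample this flags WS01, where six services stopped within three seconds, and stays silent on WS02, where one service was restarted half an hour apart. The threshold and window should be tuned against a baseline of the environment's own patching and maintenance activity, which also stops services in bulk but usually at predictable times.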
Cybercriminals are Advancing More Rapidly than Ever
Nokoyawa is just another example of how threat actors can move more quickly than ever before, in this case by easily modifying existing malware with recycled code.
The industry has witnessed other instances like this one as well. This occurred with Log4j last year: the critical flaw in the Apache Log4j Java-based logging framework was so easy to exploit that it gave attackers complete control over vulnerable systems. Log4j quickly rose to the top spot for IPS detections in the second half of 2021.
Although this form of recycling is nothing new, it is undoubtedly becoming a more common approach for threat actors, made simpler by the emergence of ransomware-as-a-service.
Strategies for Strengthening Security
Organizations must first gain a better understanding of attack strategies. It is more crucial than ever to stop an attacker in their tracks, and in some cases concentrating on a few of the identified TTPs can successfully neutralize the malware's attack capabilities.
Second, everyone in the company must receive cyber hygiene training, because cyber-attacks target remote workers as well as businesses. Several free cybersecurity courses are currently available for this purpose, including more advanced courses for cybersecurity experts. Everyone can benefit from a basic understanding of how attacks work in order to better protect their companies. Employees can avoid falling for social engineering threats through good password security, multi-factor authentication, and knowing how to recognize malvertising schemes and phishing emails.
The Way Forward
In the world of ransomware development, everything that was once old is new again. Threat actors are quite effective: they research previous strategies and incorporate them into their new variants.
The devastating potential of these new variants is further increased by ransomware-as-a-service. However, businesses can improve their security posture by better understanding the latest attack methods and providing updated cyber hygiene training for their employees.