It's common knowledge at this point that ransomware and social engineering go together like peanut butter and jelly. In a recent study, the Online Trust Alliance attributed this year's incredible spike in ransomware specifically to the increased use of social engineering tactics. Social engineering is so effective because it is designed for trickery: the goal is to get an authorized network user to willingly introduce cyber threats into their own system, which requires a good deal of manipulation.
Unfortunately, one of the most conniving social engineering tactics ever used has recently resurfaced, and it's tricking business managers into downloading ransomware.
Ransomware seeking employment
In March, researchers discovered a nasty strain of ransomware called PETYA. Unlike the encryption malware that came before it, PETYA overwrites the master boot record, which triggers the infamous blue screen of death and forces the computer to restart. Upon reboot, the malware encrypts the master file table, so the computer can no longer locate the files it needs to run the operating system. This is a far more instantaneous lockdown than that of a strain that goes from file to file, encrypting everything in its path.
According to CIO contributor Lucian Constantin, some data recovery applications can still read the files; however, rebuilding all of them would be an extremely time-consuming and possibly ineffectual process – one that may cost more time and effort than simply paying the 0.99 bitcoin ransom.
PETYA's methods are dangerous in and of themselves, but equally alarming is the way the ransomware spreads. This highly targeted cyber threat poses as a seemingly harmless job application. The email's body contains a link to a shared drive, from which the fake applicant's resume or CV and a head shot can be downloaded. If the content is downloaded and allowed to run, it is free to do its damage.
PETYA has returned, and it's brought its friend Mischa with it
As if PETYA's prerogative wasn't pernicious enough, the strain of malware has recently evolved to be twice as dangerous. According to a Trend Micro blog post, PETYA now comes packed up with Mischa, a different type of encryption malware that allegedly wreaked havoc on an entire public-sector organization in Australia.
The new dastardly duo works by first deploying PETYA, which can only execute if the user is tricked into granting it administrative privileges. If PETYA fails to obtain those privileges for whatever reason, it falls back to installing Mischa, which begins encrypting common file extensions such as PG, PNG and DOCX, as well as EXE.
The tag team leverages the same social engineering methods previously used by PETYA, back when it was still flying solo. However, the ransom demands will vary depending on which of the two cyber threats gets through. If it's PETYA, the ransom is 1.967 bitcoins, the equivalent of $892. If it's Mischa, the hackers will demand 2.0098 bitcoins, valued at $909.
Ransomware is being delivered to organizations in a greater variety of ways than ever before, but the principal vessel is still email. The tricky part is that the nature of these emails is becoming more elaborate, as hackers get better at fabricating believable messages. PETYA and Mischa are perfect examples of this. It's not unusual for a business to receive unsolicited job applications, nor is it infeasible that hackers might go after companies that have a high volume of listings online. Targeted attacks such as these greatly increase the likelihood of success for hackers, while they raise the stakes for organizations.
As such, it's not enough to rely solely on vigilance as a defense against ransomware coupled with social engineering. Organizations need to employ smart, layered cyber security solutions capable of identifying malicious links in emails before they have a chance to trick a user, and of test-running attached files in a simulated virtual environment.
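A simple triage check for the job-application lure this article describes, as an added example (not code from the article or from any product it mentions): it parses a raw email, flags application vocabulary, external links and executables posing as documents, and decides whether to hold the message for sandboxing rather than deliver it. The sample message, addresses, hostnames and filename are constructed placeholders.

```python
import re
from email import message_from_string

# Heuristic lists (constructed): lure vocabulary, and extensions no resume should have.
APPLICATION_WORDS = ("application", "applicant", "resume", "cv", "position", "vacancy")
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".js", ".jse", ".vbs", ".hta", ".bat", ".cmd")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample lure: placeholder addresses/hosts; the "attachment" is base64 of "constructed".
SAMPLE_LURE = """\
From: applicant@example.invalid
Subject: Application for the open position
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear hiring manager, my CV and photo are in this shared folder:
https://files.example.invalid/share/applicant
--b1
Content-Type: application/octet-stream; name="Applicant_CV.pdf.exe"
Content-Disposition: attachment; filename="Applicant_CV.pdf.exe"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
"""

def triage(raw: str) -> dict:
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").lower()
    body, attachments = "", []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            attachments.append(name)
        elif part.get_content_type() == "text/plain":
            charset = part.get_content_charset() or "utf-8"
            body += part.get_payload(decode=True).decode(charset, "replace")
    findings = {
        "application_lure": any(w in subject + " " + body.lower() for w in APPLICATION_WORDS),
        "external_links": URL_RE.findall(body),
        "executable_attachments": [a for a in attachments if a.lower().endswith(EXECUTABLE_EXT)],
    }
    # Application-themed mail carrying a link or an executable "document" is held for sandboxing.
    findings["hold_for_sandbox"] = findings["application_lure"] and bool(
        findings["external_links"] or findings["executable_attachments"])
    return findings
```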
Hackers will use every trick imaginable to get organizations to download ransomware. It's not always possible for the human eye to catch them all, but it is possible for a comprehensive email protection solution. It takes a layered approach to cybersecurity to make sure that multi-faceted, email-borne malware such as PETYA doesn't make it onto the system.
Don't let ransomware burden your business.