We’ve written about Big Game Hunting, where cybercriminals focus on attacking high-value targets instead of a host of smaller targets. We’ve also noted the increasing amounts of ransoms demanded in ransomware attacks in recent years.
A segment of attackers has certainly been on a quest for bigger and bigger ransoms. A new ransomware, dubbed PwndLocker, follows this disturbing trend.
PwndLocker has been hitting local governments and large enterprise targets, requesting eye-watering bitcoin ransoms ranging from $175,000 to over $660,000, per Bleeping Computer.
Also per Bleeping Computer, using a sample shared by renowned security researcher MalwareHunterTeam: PwndLocker, upon being unleashed on a network, attempts to shut down various Windows services. These include Microsoft SQL Server, IIS, Veeam, as well as popular security applications like Sophos, McAfee, and Malwarebytes.
Other targets for shutdown include backup applications, database servers, and commonly used applications such as Word, Excel, and Firefox.
After shutting down processes and apps, and clearing out Shadow Volume Copies that could help with restoring data, the PwndLocker ransomware will start encrypting files.
The ransom note left behind includes payment details and even allows for the complimentary decryption of two files as a show of good faith!
Security is a priority
Network security is of utmost importance when ransomware like PwndLocker is being used by attackers.
“Whether you have a small business or a large corporation, you need to make security a priority,” said Brian Walker, CEO of InCare Technologies.
“While the attackers behind PwndLocker are apparently going for larger targets, many cybercriminals are quite indiscriminate.”
“In fact, small and medium businesses can be favored targets because they may not have the level of security that larger organizations typically have. Most smaller businesses won’t be able to pony up extremely large ransoms like the mega-corporations can, but if the attackers can successfully disable multiple smaller companies and make them pay, it can add up.”
“Layering your security is one of the best things you can do to protect your data and your people,” said Aaron Allen, Director of Technical Services at InCare. “Attackers will use a variety of tactics, including social engineering, where they utilize campaigns of deceptive emails and messages to infiltrate a network.
“By having multiple defenses — including comprehensive backups of vital data — you create a much more powerful defense than just relying a single security appliance or software.”
“It’s time to strengthen your security,” stressed Walker. “Schedule your free consultation by filling out the form below. We’ve just recently been recognized in the ‘Elite 150‘ managed service providers by CRN. Whether you want us to manage a portion of your security or all of it, we’re here to help you stay safe.”