Ransomware attackers targeted this company. Then defenders discovered something curious
Cybersecurity researchers detail a mysterious attack that uses sophisticated techniques to deliver a relatively unsophisticated ransomware. The question is, why?

Cybersecurity researchers have detailed a ransomware campaign that clearly borrows attack techniques used by nation-state-backed hacking and cyber-espionage operations.

The campaign came to light when cyber criminals attempted to launch a ransomware attack against an unspecified product safety testing organisation. The attack was detected and stopped before it was successful, but provided cybersecurity researchers at eSentire with enough information to analyse the tactics, techniques and procedures being used.

As eSentire's security research team began to investigate the incident, they said they "discovered some very curious findings, relating to both the threat group behind the attack, as well as the tools and techniques used in the attack".

The attack methods used in the attempted ransomware campaign resembled techniques previously attributed to state-backed Chinese hacking operations, including APT27 – also known as Emissary Panda.

eSentire said the low quality of the ransomware and the lack of any known ransomware breaches by this 'Hello Ransomware', along with the attackers' use of intrusion and reconnaissance methods that are typically associated with sophisticated groups, raise the question of whether the ransomware is the primary goal of the operators.

"Or are the cyber criminals dropping ransomware into their target victims' IT environment to simply distract from their real motive – cyber espionage?" eSentire said.

While all of this doesn't necessarily mean that those behind the ransomware are working out of or on behalf of China, it demonstrates how cyber criminals can mimic the tactics used by advanced…
Danny Palmer