Attack, double Attack and Versus Attack

(Pack, double Pack and Versus Pack)

The technique of new ransomware

We found on https://www.infosec.news/2020/11/20/news/sicurezza-digitale/pacco-doppio-pacco-e-contropaccotto-la-tecnica-dei-nuovi-ransomware/ the article of Roberto MOZZILLO written on Novembre 20, 2020

It’s the new frontier of cybercrime. The latest hacker attacks on companies are perpetrating themselves using ready-to-use malware services. Just pay the indicated rate and voilà, the RAAS (Ransomware As A Service) is served. We are talking about EGREGOR, a name chosen apparently because it refers to a term of occultism that means "collective energy of a group of people united for a single cause". EGREGOR seems to be part of the larger "family" of Sekmet Ransomware. The attack modes are the usual: the vulnerabilities not yet detected and the weak link par excellence, people, by sending Bad Links and Phishing activities. Once he enters the computer system he decided to attack, he deploys his tactics:

PACK It encrypts all the data it can access with extremely sophisticated encryption algorithms that are difficult to decipher by automatically starting the ransom request in format . TXT to be paid within 3 days. DOUBLE PACK

EGREGOR is one of those new ransomware that uses the double ransom technique of making a copy of all the encrypted data to carry out the second blackmail: whether the attacked company paid the first ransom or not, part the request for a second sum threatening the publication of all data either on the Dark Web or even free on the Internet

VERSUS PACK

If the victim still hesitates, or wants to keep it even more in the "nightmare", EGREGOR is able to pilot all the equipment in the network of the unfortunate, as happened recently in a commercial chain in Chile. After the ultimatum the hackers started the phase of psychological terrorism: from the printers of the receipts they let out kilometers of paper with the original blackmail message printed on it: "Your network has been hacked, your computers and servers are blocked, your private data has been downloaded". To the frustration of the users of those systems in not being able to use any application because blocked by the virus, it adds an almost "horror" effect of seeing the printers come alive by themselves and emit threatening messages

COMMENT ONE: Pay or not pay? COMMENT TWO : It should not be on principle. Then you have to be in the situation to be able to judge