Cyderes, a Cybersecurity Risk Management firm from Missouri, has discovered that corrupting files are proving cheaper, is faster and is less likely to be detected by security solutions. For this reason, some hacking groups who were into ransomware attacks have set up a separate sect of threat actors who are being assigned the job of target corporate networks and corrupt files.
Security firm Stairwell in collaboration with Cyderes has discovered that ransomware actors are now threatening their victims of destroying files instead of encrypting them until a ransom is paid.
Meaning, all these days we have seen threat actors indulging in the spread of file encrypting malware until a demanded ransom is paid in Bitcoins or other cryptocurrencies. But now, they are indulging in a tactic of copying data from one file to another if their victim cannot pay a ransom.
Technically, it is proving easy and cannot be red-lined by anti-malware solutions, as they cannot term it as a suspicious activity. Another reason for its adoption is the fact that it can be done within a time frame, that can be completed within 1/4th of the time frame observed in encrypting files.
BlackCat ransomware, aka Alphv Ransomware, is seen indulging in such operations and already targeted two companies in South Korea and a company in Ukraine.
It’s unclear whether only a single malware spreading group is indulging in such tactics of direct data destruction or will this transform into a global trend among other ransomware spreading threat actors.
