We recently looked into the ways phishing mails are evolving, with attackers getting more creative by the day. But a new trend has taken hold on the dark web, and soon phishing campaigns for ransomware and malware will be a thing of the past. With resources comparable to those of a small government, malware gangs have started collaborating among themselves and have come up with "initial access brokers": groups that sell ransomware operators and other criminals access to already compromised systems. Systems compromised through RDP endpoints, backdoored networking devices, and malware-infected computers give the ransomware operator a ready-made foothold in the network, making their work as easy as cutting a cake.
There are currently three types of brokers that serve ransomware operators:
Selling compromised RDP endpoints: These brokers brute-force remote desktop protocol (RDP) endpoints exposed by corporate systems and sell the resulting access in "RDP shops". Ransomware groups often pick the systems that are best integrated within the network.
Selling hacked networking devices: Hackers sell pre-hacked devices, compromised by exploiting publicly known vulnerabilities or weak spots in firewalls, VPN servers, or other appliances. Access to these devices is auctioned off on dark web forums.
Selling computers pre-infected with malware: This is the most popular way ransomware is spread. Hacking gangs spread their malware bots into well-established networks and sell the access to the highest bidder, who then deploys ransomware onto the systems.
The best protection against these attacks is to prevent them from happening. The first two forms of intrusion can be fended off with strong passwords, sound security measures, and regular updates. The third (malware) is harder to stop, as it relies on human error and trickery to get onto the device.
Following is a list of malware families that, if you find them on your systems, should make you drop everything and remediate, because they are known to deliver ransomware into networks (the ransomware families each one has been seen delivering are given in parentheses):
- Emotet (Emotet-Trickbot-Ryuk)
- Trickbot (Ryuk - Conti)
- BazarLoader (Ryuk)
- QakBot (MegaCortex-ProLock-Egregor)
- SDBBot (Clop)
- Dridex (BitPaymer-DoppelPaymer)
- Zloader (Egregor-Ryuk)
- Buer Loader (Ryuk)