All is well here at Woesnotgone Meadow, where
everyone has above average bandwidth.
In the Meadow, we certainly play video games.
Sometimes by ourselves, other times with our children or grandchildren. We play racing games, zombie games, and many others. We expect to have a great time
with them. What we don't expect is to become a victim of ransomware.
Ransomware
A new ransomware family, Anatova, has been detected.
It was first identified by McAfee, whose research dates the samples to
January 1, 2019. The samples were first spotted circulating on a private
peer-to-peer network, and McAfee has analyzed them. The ransomware
curiously was engineered to be modular in nature. This allows its authors to
update it with new functions over time, and the same design makes it more
difficult to detect and classify. Even so, it has already been detected around the
globe: in the United States and in Belgium, Germany, France, and the UK, among
other European countries.
Code
This version of ransomware was engineered with a
slight twist. It encrypts files just as other ransomware tools
do, but it also enumerates the connected network shares and
encrypts the files on those shares, so a single infected workstation can take
down the shared data for an entire office.
It is not known who or what group coded this
ransomware. Curiously, the malware deliberately does not infect systems located in Syria,
Egypt, Morocco, Iraq, and India.
How it Works
Anatova uses
an old social engineering trick. The executable carries the icon of a game or application,
which fools the user into believing they are double-clicking on a game.
After the double-click, Windows shows a prompt requesting administrator rights. If the user
just clicks through it for convenience, or believes this is a normal requirement, their
(not-so-much) fun begins.
With those rights, it encrypts the files on the PC
and on any reachable servers (the network shares). The ransomware uses strong encryption, built on a pair of RSA keys,
so the files cannot be recovered without the private key the attackers hold.
Before any of this, the malware retrieves the username of the logged-in or active user and
compares it with the default usernames used by malware analysis sandboxes. If it finds a
match, it assumes it is being analyzed and exits without encrypting anything, which is
why analysts should give their sandbox accounts realistic names.
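The two behaviours above, a downloaded "game" obtaining admin rights and then sweeping the network shares, are visible in ordinary Windows logging. The following Python script is an added example (not from the page's sources or from McAfee's analysis) showing how a blue team could correlate them. The log records are constructed for this example; their field names are a simplified version of Windows Security events 4688 (new process created) and 5140 (network share object accessed), and the thresholds and the list of user-writable directories are assumptions, not part of any published detection.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Fields are simplified from
# Windows Security events 4688 (process creation) and 5140 (share access).
SAMPLE_EVENTS = [
    # WS01: user double-clicks a "game" in Downloads, accepts the admin
    # prompt (full elevation token), then the process sweeps file shares.
    {"time": "2019-01-22T09:00:00", "id": 4688, "host": "WS01", "user": "alice",
     "image": r"C:\Users\alice\Downloads\ZombieRacer_setup.exe",
     "elevation": "Full"},
    {"time": "2019-01-22T09:00:04", "id": 5140, "host": "WS01", "user": "alice",
     "share": r"\\FS01\Projects"},
    {"time": "2019-01-22T09:00:05", "id": 5140, "host": "WS01", "user": "alice",
     "share": r"\\FS01\Finance"},
    {"time": "2019-01-22T09:00:06", "id": 5140, "host": "WS01", "user": "alice",
     "share": r"\\FS02\Shared"},
    {"time": "2019-01-22T09:00:07", "id": 5140, "host": "WS01", "user": "alice",
     "share": r"\\FS02\Backups"},
    # WS02: an administrator runs an installer from a managed path;
    # elevation on its own must not raise an alert.
    {"time": "2019-01-22T09:10:00", "id": 4688, "host": "WS02", "user": "itadmin",
     "image": r"C:\Program Files\Vendor\setup.exe", "elevation": "Full"},
    {"time": "2019-01-22T09:10:30", "id": 5140, "host": "WS02", "user": "itadmin",
     "share": r"\\FS01\Software"},
    # WS03: ordinary share use with no preceding elevated launch from a
    # user-writable directory.
    {"time": "2019-01-22T09:20:00", "id": 5140, "host": "WS03", "user": "bob",
     "share": r"\\FS01\Projects"},
    {"time": "2019-01-22T09:20:01", "id": 5140, "host": "WS03", "user": "bob",
     "share": r"\\FS01\Finance"},
    {"time": "2019-01-22T09:20:02", "id": 5140, "host": "WS03", "user": "bob",
     "share": r"\\FS02\Shared"},
]

# Assumed list of directories an end user can write to without admin rights.
# A program launched from one of these and then elevated matches the lure
# described above; adjust for your own environment.
USER_WRITABLE_MARKERS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\desktop\\")


def _ts(event):
    return datetime.fromisoformat(event["time"])


def is_elevated_launch_from_user_dir(event):
    """True for a 4688 event where the process started from a user-writable
    path and received a full (admin-prompt approved) elevation token."""
    if event["id"] != 4688 or event.get("elevation") != "Full":
        return False
    path = event["image"].lower()
    return any(marker in path for marker in USER_WRITABLE_MARKERS)


def find_suspicious_chains(events, window_seconds=60, min_shares=3):
    """Return one alert per elevated user-directory launch that is followed,
    within window_seconds and on the same host and user, by access to at
    least min_shares distinct network shares."""
    events = sorted(events, key=_ts)
    alerts = []
    for trigger in filter(is_elevated_launch_from_user_dir, events):
        deadline = _ts(trigger) + timedelta(seconds=window_seconds)
        shares = {
            e["share"]
            for e in events
            if e["id"] == 5140
            and e["host"] == trigger["host"]
            and e["user"] == trigger["user"]
            and _ts(trigger) <= _ts(e) <= deadline
        }
        if len(shares) >= min_shares:
            alerts.append({
                "host": trigger["host"],
                "user": trigger["user"],
                "image": trigger["image"],
                "shares": sorted(shares),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_chains(SAMPLE_EVENTS):
        print(f"{alert['host']}/{alert['user']}: {alert['image']} touched "
              f"{len(alert['shares'])} shares: {', '.join(alert['shares'])}")
```

Run as-is it flags only WS01: the administrator on WS02 elevated from a managed path and touched a single share, and bob on WS03 used several shares without any elevated launch first. The correlation, not either event alone, is what separates the lure from normal work; in production the 5140 events come from the file servers, so the host field has to be joined on the client address.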
Demands
Once the infection has run and the user has
the "uh-oh" moment, a ransom note on the system tells the user what has happened. It
then demands a payment, in the DASH cryptocurrency, to unlock the files, just as with the other ransomware
samples.
Lessons
This is another example of the additional
training staff need. There are very limited occasions when downloading
a game is required at work; the equipment really should be used for work.
Training alone is not enough, though. Because Anatova needs the user to approve an
administrator prompt, staff should work from standard (non-admin) accounts, and a
program you just downloaded asking for admin rights is the moment to click No and call
the helpdesk. Because it encrypts network shares, users should have write access only to
the shares they actually need, and backups must be kept offline or otherwise out of reach
of an infected workstation.
Thanks for visiting Woesnotgone Meadow, where
the encryption is strong, and the O/Ss are always using the latest encryption.
Resources
Allen, D. (2019, January 23). Anatova is a nasty
new ransomware that targets gamers. Retrieved from https://www.techradar.com/news/anatova-is-a-nasty-ransomware-that-targets-gamers
Bhatnagar, V. (2019). Anatova ransomware is
targeting gamers. Retrieved from http://www.hackbusters.com/news/stories/4297915-anatova-ransomware-is-targetting-gamers
Digital Trends. (n.d.). Latest ransomware
targets gamers with a malicious sophistication. Retrieved from https://www.digitaltrends.com/computing/anatova-ransomware-targets-gamers-malicious/
EHacking News. (2019, January 26). Anatova
ransomware is targeting gamers. Retrieved from http://www.ehackinghews.com/2019/01/anatova-ransomware-is-targeting-gamers.html
Fire-Ball Cyber Security. (2019, January 26).
Anatova ransomware is targeting gamers. Retrieved from https://fireballcybersecurity.blogspot.com/2019/01/anatova-ransomware-is-targeting-gamers.html
Palmer, D. (2019, January 24). New ransomware
poses as gamers and software to trick you into downloading it. Retrieved from https://www.zdnet.com/article/new-ransomware-poses-as-gamers-and-software-to-trick-you-into-downloading-it/
Salim, S. (2019, January 25). Alert: Ransomware
found in free games and software. Retrieved from https://www.digitalinformationworld.com/2019/01/anatova-ransomware-targeting-gamers-skilled-hackers.html
Scammell, R. (2019, January 23). Watch out for
anatova, a new ransomware targeting gamers. Retrieved from https://www.verdict.co.uk/anatova-ransomware-gamers/