https://arstechnica.com/information-technology/2019/01/new-ransomware-rakes-in-4-million-by-adopting-a-big-game-hunting-strategy/
By Dan Goodin
Ars Technica
January 12, 2019
A recently discovered ransomware group has netted almost $4 million since
August, in large part by following a path that's uncommon in its
industry: selectively installing the malicious encryption software on
previously infected targets with deep pockets. The method differs from the
usual one of indiscriminately infecting all possible victims. That's the
take of two analyses published Thursday, one by security firm CrowdStrike
and the other by competitor FireEye.
Both reports say that Ryuk, as the ransomware is known, infects large
enterprises days, weeks, or as much as a year after they were initially
infected by separate malware, which in most cases is an increasingly
powerful trojan known as Trickbot. Smaller organizations infected by
Trickbot, by contrast, don't suffer the follow-on attack by Ryuk.
CrowdStrike called the approach "big-game hunting" and said it allowed its
operators to generate $3.7 million worth of Bitcoin across 52 transactions
since August.
Besides pinpointing targets with the resources to pay hefty ransoms, the
modus operandi has another key benefit: the "dwell time" -- that is, the
period between the initial infection and the installation of the
ransomware -- gives the attackers time to perform valuable reconnaissance
inside the infected network. The reconnaissance lets the attackers, whom
CrowdStrike dubs Grim Spider, maximize the damage they cause by unleashing
the ransomware only after they have identified the most critical systems
on the network and obtained the passwords necessary to infect them.
[...]