A new ransomware campaign specifically targeting enterprise servers has been discovered by security researchers. The technology employed by the criminals indicates the involvement of notorious cyber gangsters.
The new malware first attracted the attention of security analysts at Intezer and IBM’s X-Force. The experts have named it “PureLocker” because it has been coded in PureBasic, as reported on “ZDNet”. On the one hand PureBasic occasionally makes it more difficult to create dependable detection signatures, while on the other the programming language functions across the Windows, Linux and macOS platforms.
“Targeting servers means the attackers are trying to hit their victims where it really hurts, especially databases which store the most critical information of the organization,” the article cites Michael Kajiloti, a security researcher at Intezer, as saying.
In the “PureLocker” source code, the experts have found traces of the highly significant “more_eggs” backdoor malware. These same tools have recently been used by some of the most cunning cyber rings, including the Cobalt Gang and FIN6, the report adds.
How exactly “PureLocker” is delivered to its victims, is not entirely clear yet. With “more_eggs”, at any rate, phishing emails serve as the initial vector of attack. This could also be true in the case of “PureLocker”, where the final payload is most likely sent as the last step in an attack carried out in multiple stages.
In times when such sophisticated, targeted, costly cyber attacks may strike at any moment, ongoing sensitization of staff is as indispensible as powerful technical protection for the company’s email infrastructure. Retarus’ Secure Email Platform provides an effective phishing filter, amongst many other essential services. Find out more about our services from our website or directly from your local Retarus representative.