Anyone learning about cybercriminals must first recognise that these criminals are not only devious in their design of attack software, but also always go for the “low-hanging fruit.” In technology, the most vulnerable “fruit” continues to be legacy systems, and the latest version of GandCrab ransomware proves that they will continue to pursue this avenue because it brings the most success.
Legacy systems are more difficult to defend against these types of attacks because viable security cannot be put in place for them. TechTarget Security offered this information on the latest ransomware:
“An update to the GandCrab ransomware was identified in July 2018. Some of the changes included the use of the EternalBlue exploit in an attack against vulnerable Windows systems via the server message block and over the network into a ransomware worm. This update enabled hackers to target Windows XP and Windows Server 2003 systems.
Likewise, the new GandCrab attack includes functionality so that it doesn’t need a command-and-control mechanism to operate, making it easier to attack an air-gapped environment. According to Fortinet, the update also changed the attack’s encryption functionality to potentially make it faster.
With this updated malware, legacy systems are at the highest risk since many antimalware tools reasonably stopped supporting Windows Server 2003 and Windows XP. These same systems may not have been patched, making them vulnerable to the EternalBlue exploit. Likewise, the system may use an administrative account by default, creating additional risk.”
IT managers need to take a good hard look at their existing enterprise systems as well. A majority may have well-planned and well-designed security controls, but many also have older legacy systems somewhere in their network. These are the points that cybercriminals will look for, and when they attack, it can come as a great surprise because it was least expected.
This is the fourth version of the GandCrab ransomware, and its developers follow the same business guidelines as their legitimate software business cousins: when you develop something that works, keep upgrading it with new releases for continued profitability. This theory has worked so well for cybercriminals that many of them have moved away from their roots hidden in garages and basements to become larger organizations that include such areas as R&D!
There is no possible way that companies can competently maintain a staff that is always aware of the latest viruses and malware. Cybercriminals devote themselves full time to their attack methods, and the security of proprietary systems is now considered to be part of the cost of doing business. Billions are lost every year due to cyberattacks, and companies that have their client data stolen lose credibility and are often forced to close their doors.
“Your business needs to focus on maintaining structure and profitability. This means that you need to turn to professionals, such as Da Vinci Forensics, to do the analysis of your system and offer advice to your IT staff on the best ways to protect both enterprise and legacy systems. We work with your employees to assist in guiding, and your security is our first priority.”
Da Vinci Forensics