How to Remove BlackRouter Ransomware?

Ransomware attacks continue to dominate the cyber security landscape this year, with businesses paying millions of dollars to unlock encrypted files. Research reveals that almost 40% of successful malware-based attacks involve ransomware. Moreover, distributing ransomware does not require much of a threat intelligence strategy, which makes it popular among threat actors.
The world has seen its fair share of ransomware attacks, WannaCry being the deadliest of all. Ransomware is a ubiquitous security threat with one aim: to extract payments from victims. Its impact continues to be significant, with global organizations held to ransom every day.
There are many variants of ransomware, and new strains appear regularly, denying users access to important files until a ransom is paid. Recently, researchers discovered a new ransomware called BlackRouter being promoted as ransomware-as-a-service in a hacking channel on Telegram by an Iranian developer. BlackRouter was originally spotted in May 2018, and a new version was found that exhibits the same traits with slightly different characteristics, for instance a better-looking GUI (graphical user interface) and the addition of a timer.
A complete malicious kit capable of launching a BlackRouter ransomware attack is available in the hacking channel. The availability of these packages reduces the need to code malware. Subscription to this malicious model allows even a novice cyber criminal to launch a ransomware attack without much difficulty. Once the attack is successful, the ransom money is shared among attackers and developers in the ratio of 4:1 respectively.
In addition to promoting BlackRouter, the threat actor is also promoting a remote access Trojan called BlackRat that allegedly includes features such as AV evasion, encrypted communications, the ability to enable RDP, theft of cryptocurrency wallets, keylogging, password stealing and a lot more.

BlackRouter Ransomware Distribution
