By Megha Malhotra
A well-known law firm that works with a variety of A-list celebrities such as Lady Gaga, Drake and Madonna has been hit by a ransomware attack, and the attackers are currently threatening to release the 756 GB of data allegedly stolen, including non-disclosure agreements, client contracts and personal correspondence.
The victim, the New York-based firm Grubman Shire Meiselas and Sacks, offers legal services to the entertainment and media industries. According to researchers at Emsisoft, cybercriminals hit the law firm using the REvil ransomware (also known as Sodinokibi). The allegedly stolen data includes clients' contact numbers, email addresses, personal correspondence, contracts, and non-disclosure agreements entered into with promotion, advertising and modelling firms.
The threat of leaking the stolen data, which researchers call "double extortion," isn't new for REvil. The hackers using the REvil ransomware set up a "Happy Blog" this year, where they have recently published details of ransomware attacks on 13 targets, along with company information stolen from the targeted organizations. Incidents like these are significant reminders for companies to monitor their security insurance strategies, said Tim Erlin, vice president of product management and strategy at Tripwire.
What is Ransomware?
Ransomware is a type of malware that encrypts a victim's files; the attacker then demands a ransom from the victim to restore access to the data upon payment. Victims are shown instructions on how to pay to get the decryption key. The cost can range from two or three hundred dollars to thousands, payable to the cybercriminals in Bitcoin.
How does ransomware work?
There are a number of vectors ransomware can take to reach a PC. One of the most common delivery mechanisms is phishing, i.e. a cyberattack that uses a disguised email as a weapon, with the goal of tricking the recipient into believing that the message is something they want or need, leading them to open or download an attachment. Once opened, the attachment can take control of the victim's PC, particularly when it has built-in social engineering tools that trick users into permitting access. Other, more aggressive forms of ransomware, like NotPetya, exploit security holes to infect PCs without needing to trick users.
There are several things the malware may do once it has taken control of the victim's PC, but by a wide margin the most common action is to encrypt all of the victim's files. The most important thing to know is that at the end of the process, the files can't be decrypted without a mathematical key known only to the attacker. The user is shown a message explaining that their files are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker.
In certain types of malware, the attacker may claim to be a law enforcement agency shutting down the victim's PC because of the presence of pornography or pirated software on it, and demand that a "fine" be paid, which makes victims less likely to report the attack to authorities. Most attacks don't bother with this pretence. There is also a variation, called leakware or doxware, in which the attacker threatens to publish sensitive information from the victim's hard drive unless a ransom is paid. But because finding and extracting such data is a very tricky proposition for attackers, encryption ransomware is by far the most common type.
Targets of Ransomware
There are several ways attackers select the organizations they target with ransomware. Sometimes it's a matter of opportunity: for instance, attackers might target universities because they tend to have smaller security teams and a disparate user base that does a tremendous amount of file sharing, making it easier to penetrate their defences.
On the other hand, some organizations are appealing targets because they are more likely to pay a ransom quickly: government agencies or medical facilities, for instance, often need immediate access to their files. Law firms and other organizations with sensitive data may be willing to pay to keep news of a compromise quiet.
How to prevent Ransomware
There are a number of preventive measures to defend against ransomware infection:
- Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
- Don’t install software or give it administrative privileges unless you know exactly what it is and what it does.
- Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
- And, of course, back up your files, frequently and automatically! That won’t stop a malware attack, but it can make the damage caused by one much less significant.
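The backup advice has a catch: an automatic job that runs after files have been encrypted will back up the encrypted copies, so the previous backup should only be replaced when the amount of change looks plausible. The sketch below is an added example, not part of the original article; the function names, the sample files and the 50% threshold are assumptions chosen for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def changed_fraction(previous, current):
    """Fraction of previously backed-up files that are now modified or missing."""
    if not previous:
        return 0.0
    changed = sum(1 for path, digest in previous.items()
                  if current.get(path) != digest)
    return changed / len(previous)


def safe_to_rotate(previous, current, threshold=0.5):
    """Let the new backup replace the old one only if churn is at or below threshold."""
    return changed_fraction(previous, current) <= threshold


def demo():
    """Constructed sample data: ten small files, one edit, then a mass overwrite."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(10):
            (root / f"contract_{i}.txt").write_text(f"client agreement {i}\n")
        baseline = snapshot(root)
        # Ordinary day: a single file is edited.
        (root / "contract_0.txt").write_text("client agreement 0, amended\n")
        normal = snapshot(root)
        # Stand-in for mass encryption: the other nine files get new contents.
        for i in range(1, 10):
            p = root / f"contract_{i}.txt"
            p.write_bytes(hashlib.sha256(p.read_bytes()).digest())
        mass = snapshot(root)
    return (changed_fraction(baseline, normal), safe_to_rotate(baseline, normal),
            changed_fraction(baseline, mass), safe_to_rotate(baseline, mass))


if __name__ == "__main__":
    print(demo())
```

A check like this belongs in the backup job itself, before the previous backup is pruned, and a refusal to rotate should alert someone instead of failing silently.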