Ransomware attacks that have arisen recently during COVID-19
1. Introduction
Ransomware is a disruptive form of malware that encrypts a victim's files and demands a large payment from the victimized party in return for decrypting them. Internet-connected systems are always vulnerable to attack by any kind of malware, but the COVID-19 period has made it hard for the world to carry on its regular activities, and most attackers have taken this as a good opportunity to spread their malicious work, since the world has spent its whole time recovering from the pandemic rather than defending against other attacks.
2. Recent attacks faced by globally recognized organizations
Honda manufacturing was affected globally by the Snake ransomware.
One of the ransomware attacks that occurred during this world-grieving epidemic was a Snake ransomware attack suffered by the “Honda” providers. “Snake”, developed in the cross-platform language Golang, was added to the well-known list of malware in early 2020 (WALTER, 2020). It was a dangerous attack aimed at the target company's entire manufacturing control schemes (Alex Scroxton, 2020). All infected files are modified and saved with a randomly generated extension, which makes it hard to recognize the particular attack from the file name alone (Alex Scroxton, 2020). The attack halts processes across the whole network rather than acting on individual files. Beyond the normal behaviour of other ransomware, it includes many enhanced features, and it completely interrupts the enterprise's central processing tools and their utilities. Unlike conventional ransomware, it instructs victims to contact the attackers directly via email (Alex Scroxton, 2020). It is effective and dangerous compared to other attacks: it appears primitive, but it actively performs a vast number of processes to completely lock down manufacturing systems, something the affected factories had not experienced before (WALTER, 2020). Researchers also found unsecured databases, containing the machinery's internal network details and critical dealer and customer information including login credentials and server monitoring data, exposed on the public internet because they were not protected with proper security mechanisms (Ilascu, 2020). All IT networks attached to Honda's global car manufacturing sites in Japan and Europe were affected by this attack, and the malware caused severe damage to Honda's financial progress as well as instability in customer demand, drastically increasing the impact of the Snake attack (Alex Scroxton, 2020).
To prevent the attack from spreading any further, Honda suspended vehicle production around the world, which might have to last for a long time. A security team in Japan took responsibility for recovering from, or at least reducing, this severe impact, which had compromised access to its IT network systems, and attempted to reinstate all manufacturing and sales functions (Alex Scroxton, 2020). Because this was a critical situation for the whole process of the Honda dealers, they decided to maintain regular surveillance to resist further cyber-attacks, as this one had made them unstable both financially and socially.
UCSF's medicine department was attacked by the NetWalker intruders.
A Windows server attack called “NetWalker” recently hit several servers attached to the medicine department of the University of California San Francisco (Davis, 2020). This kind of attack releases its executable payload only after a suitable investigation of the victim's valuable data and network, and the effectiveness of this ransomware is closely related to that of other ransomware, since it has already expanded into the RaaS (ransomware-as-a-service) model (Davis, 2020). UCSF was one of the leading authorities that had launched research on the behaviour of COVID-19 as well as clinical testing for other medical issues. The attackers stole results of this ongoing research and exposed them on the darknet (Davis, 2020). It was revealed, however, that the basic COVID-19 research results, patient care procedures and the other university networks apparently remained safe (Miliard, 2020). The main impact of this malicious activity was that the servers became unreachable to the university, and the final step was a demand for a large payment to decrypt the files and restore them to the system (Davis, 2020).
In that situation the disruption caused by the lost data was severe compared to the payment demanded by the hackers, because the university had to protect the privacy of the affected stakeholders and other parties (Davis, 2020; Miliard, 2020). The university therefore paid part of the demanded sum to obtain the tool to decrypt the stolen data, restore the disabled services and remove the ransomware from the Windows servers (Davis, 2020). As a result, it paid $1.14M. Afterwards, the victimized part of the campus network was isolated from the unaffected parts (Davis, 2020; Miliard, 2020). UCSF also worked together with outside cybersecurity advisers and expert professionals to investigate further security disturbances (Davis, 2020), and the affected servers and systems were fully re-established as secured systems to avoid future assaults.
The world-famous company “Garmin” was hit by a powerful infection
Garmin is one of the biggest companies manufacturing avionics devices, fitness tools, automotive appliances, marine devices, GPS and wearable devices globally (Gatlan, 2020; Saarinen, 2020; Varghese, 2020). Recently it faced a newly released, large-scale ransomware attack called “WastedLocker”, which is linked to the “Evil Corp” criminals (Varghese, 2020). It was one of the JavaScript-based malicious frameworks that spread alerts through hacked newspaper websites in the United States (Gatlan, 2020). It encrypts files, with the WastedLocker samples appending the “.garminwasted” extension, and generates ransom notes addressed to ‘GARMIN’ (Gatlan, 2020). Servers and data storage were victimized by the attack, which shut down the ICT system belonging to the Taiwanese company. Unlike other attacks, WastedLocker normally generates a large amount of junk on the hard drive, consuming the maximum memory capacity in order to overload resources (Saarinen, 2020), and it severely damages system performance. This is why this ransomware is considered an effective one (MG, 2020).
Central production lines, web-based services, mobile services and call-centre properties, along with user-interaction platforms such as email and chat messaging, were affected (Saarinen, 2020). Furthermore, apparently 18 specific tracking functions went down, reducing production procedures (Varghese, 2020). Most flyGarmin services, weather report generation, pilot mobile apps and the corresponding satellite-connected functions such as GPS location-based systems were also shut down (Gatlan, 2020). This left users unable to interact with these services (Saarinen, 2020). Finally, the ultimate demand was a $10M payment from Garmin (Gatlan, 2020). The outage of Garmin's associated devices affected all users globally, since the devices are controlled centrally. Therefore, once the attack was detected, the IT staff attempted to shut down all network devices remotely, including all VPN-connected computers, to avoid having them all encrypted (Gatlan, 2020). Since this was not fully possible, all employees were told to terminate all connections to the central units and perform a hard shutdown globally (Gatlan, 2020). This helped to limit the extent of the attack to some degree. Removing ransomware from infected computers is not an easy task, but there are a number of steps to follow. Keeping backup data is the basic step; if no backup is available at the moment, users need to rely on well-reputed, powerful anti-malware techniques, recovery techniques and the knowledge of experts. A careful review of the process and of the restoration is also essential to ensure the recovery of data (MG, 2020).
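The two file-renaming behaviours described in these sections, one shared extension such as “.garminwasted” in the Garmin case and a random extension per file in the Snake case, can be turned into a simple detection heuristic over file-rename audit events. The following is an added example for this page, not code from any of the cited reports; the host names, paths, timestamps, allow-list and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions normal on this hypothetical file server; renames to anything else count as suspicious.
KNOWN_EXT = {".docx", ".xlsx", ".pdf", ".jpg", ".txt", ".csv", ".bak"}
# Constructed rename audit events (host, ISO timestamp, old path, new path): fs01 mimics the
# Garmin case (one shared extension), plc02 the Snake case (random suffix per file), ws07 is benign.
SAMPLE_EVENTS = [
    ("fs01", "2020-07-23T02:15:01", "/srv/share/q2.xlsx", "/srv/share/q2.xlsx.garminwasted"),
    ("fs01", "2020-07-23T02:15:02", "/srv/share/plan.docx", "/srv/share/plan.docx.garminwasted"),
    ("fs01", "2020-07-23T02:15:02", "/srv/share/map.pdf", "/srv/share/map.pdf.garminwasted"),
    ("fs01", "2020-07-23T02:15:03", "/srv/share/img.jpg", "/srv/share/img.jpg.garminwasted"),
    ("plc02", "2020-06-08T02:20:10", "/data/cfg.bin", "/data/cfg.bin.Ax7qZ"),
    ("plc02", "2020-06-08T02:20:11", "/data/log.csv", "/data/log.csv.kB92Lw"),
    ("plc02", "2020-06-08T02:20:11", "/data/hmi.xml", "/data/hmi.xml.Qp3eT"),
    ("plc02", "2020-06-08T02:20:12", "/data/run.db", "/data/run.db.m8Yr2"),
    ("ws07", "2020-07-23T09:00:00", "/home/u/draft.txt", "/home/u/draft.bak"),
]

def new_ext(path):
    """Last extension of a path, lower-cased ('' if none)."""
    m = re.search(r"(\.[^./\\]+)$", path)
    return m.group(1).lower() if m else ""

def detect_mass_rename(events, window_s=60, threshold=4):
    """Return {host: alert} for hosts with >= threshold renames to unknown extensions
    inside any window_s-second window. 'kind' separates one shared extension
    (WastedLocker-style) from one distinct suffix per file (Snake-style)."""
    by_host = defaultdict(list)
    for host, ts, _old, new in events:
        ext = new_ext(new)
        if ext and ext not in KNOWN_EXT:
            by_host[host].append((datetime.fromisoformat(ts), ext))
    alerts = {}
    for host, items in by_host.items():
        items.sort()
        start = 0
        for end in range(len(items)):  # sliding window over time-ordered suspicious renames
            while items[end][0] - items[start][0] > timedelta(seconds=window_s):
                start += 1
            window = items[start:end + 1]
            if len(window) >= threshold:
                exts = sorted({e for _, e in window})
                kind = ("uniform extension" if len(exts) == 1
                        else "random extensions" if len(exts) == len(window) else "mixed")
                alerts[host] = {"kind": kind, "count": len(window), "extensions": exts}
                break
    return alerts
```

Running `detect_mass_rename(SAMPLE_EVENTS)` flags fs01 with a uniform extension and plc02 with random extensions, while the single benign rename on ws07 produces no alert.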
3. Conclusion
To protect a company's systems, threat analysts stress that affected companies need to invest more attention in safety beforehand rather than in remediation after the attack. Although previous ransomware attacks targeted small companies, hackers have recently turned their attention to the production of globally recognized companies. This indicates that intruders are scaling up their attacks with more powerful methods. Cyber specialists also urge companies not to pay recovery costs to decrypt their files, since paying does not reduce the chance of being attacked; on the contrary, it may encourage attackers to do this again and again.
REFERENCES
1. Alex Scroxton, S. E. (2020). Honda investigates suspected Snake ransomware attacks. Retrieved from https://www.computerweekly.com/news/252484389/Honda-investigates-suspected-Snake-ransomware-attack
2. Arief, B., Adzmi, M. A. B., & Gross, T. (2015). Understanding Cybercrime from Its Stakeholders' Perspectives: Part 1--Attackers. IEEE Security & Privacy, 13(1), 71-76. doi:10.1109/MSP.2015.19
3. Basyoni, L., Fetais, N., Erbad, A., Mohamed, A., & Guizani, M. (2020, 2-5 Feb. 2020). Traffic Analysis Attacks on Tor: A Survey. Paper presented at the 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT).
4. Corianna Jacoby, M. C. (2016). The Onion Router and the Darkweb.
5. DARK WEB SITES | DARK WEB LINKS 2020 | THE HIDDEN DEEP WEB SEARCH ENGINE. (2020). Retrieved from https://www.thedarkwebsites.com/page/2/
6. Davis, J. (2020). UCSF Pays $1.14M to NetWalker Hackers After Ransomware Attack. Retrieved from https://healthitsecurity.com/news/ucsf-pays-1.14m-to-netwalker-hackers-after-ransomware-attack
7. Gatlan, S. (2020). Garmin outage caused by confirmed WastedLocker ransomware attack. Retrieved from https://www.bleepingcomputer.com/news/security/garmin-outage-caused-by-confirmed-wastedlocker-ransomware-attack/
8. Ilascu, I. (2020). Honda investigates possible ransomware attack, networks impacted. Retrieved from https://www.bleepingcomputer.com/news/security/honda-investigates-possible-ransomware-attack-networks-impacted/
9. Khillar, S. (2018). Difference Between Static Malware Analysis and Dynamic Malware Analysis. Retrieved from http://www.differencebetween.net/technology/difference-between-static-malware-analysis-and-dynamic-malware-analysis/
10. McKay, R. (2019). With all the shady stuff going on, is the dark web actually illegal? Retrieved from https://www.newidea.com.au/what-is-the-dark-web-is-it-illegal
11. MG. (2020). How To Remove WastedLocker Ransomware And Restore Encrypted Files. Retrieved from https://malware-guide.com/blog/remove-wastedlocker-ransomware-and-restore-encrypted-files
12. Miliard, M. (2020). UCSF pays $1.14 million to decrypt files after ransomware attack. Retrieved from https://www.healthcareitnews.com/news/ucsf-pays-114-million-decrypt-files-after-ransomware-attack
13. Murdoch, S. J., & Danezis, G. (2005). Low-cost traffic analysis of Tor.
14. Islam, R., Tian, R., Batten, L. M., & Versteeg, S. (2012). Classification of malware based on integrated static and dynamic features.
15. Ray O’Hara, C. (2015). Deep Web Security → Detecting & Assessing Threats. Retrieved from https://assolution.com/blog/detecting-assessing-security-threats-via-deep-web/
16. Rohith, C., & Batth, R. S. (2019, 11-12 Dec. 2019). Cyber Warfare: Nations Cyber Conflicts, Cyber Cold War Between Nations and its Repercussion. Paper presented at the 2019 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE).
17. Saarinen, J. (2020). Garmin goes down after suspected ransomware attack. Retrieved from https://www.itnews.com.au/news/garmin-goes-down-after-suspected-ransomware-attack-550841
18. Sabillon, R., Cavaller, V., Cano, J., & Serra-Ruiz, J. (2016, 12-14 June 2016). Cybercriminals, cyberattacks and cybercrime. Paper presented at the 2016 IEEE International Conference on Cybercrime and Computer Forensic (ICCCF).
19. Varghese, S. (2020). [Garmin hit by suspected WastedLocker ransomware attack].
20. WALTER, J. (2020). New Snake Ransomware Adds Itself to the Increasing Collection of Golang Crimeware. Retrieved from https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/
21. Wong, W. (2018). New Malware-as-a-Service Threat Targets Android Phones. Retrieved from https://securityintelligence.com/news/new-malware-as-a-service-threat-targets-android-phones/