TechGuard Blog

Another Day – Another Ransomware Attack

We say it time and time again: it’s not IF you’ll be the target, but WHEN. Ransomware attacks, cyberattacks, breaches – you name it – are happening every day and every week, and they are growing at an alarming rate. But why? A sense of invincibility and a lack of security. These attacks are happening to businesses globally, and they primarily target small to mid-size businesses that tend to think “this won’t ever happen to us.” We hear it all too often, and it leaves us cringing and wanting to help even more in this chaotic cybersecurity arena. Most will admit they don’t know enough about it, and that may be true. We often put on our blinders when facing a topic or situation that we know little about, in order to somehow believe that it won’t affect us. But when do we stop being naive and start being proactive about protecting our most sensitive and confidential information?

Let us ask you this: do you have fire insurance on your home? Do you want to keep your valuables, pictures, memories and personal items safe? Will you do whatever you can to ensure those things are protected? Absolutely. Protecting yourself and your business from ransomware and compromises should be no different.

In recent cybersecurity news, groups by the name of “Maze” and “Sodinokibi” were naming and shaming victims on a public website, and a new group that goes by the name of BitPyLocker is following in their footsteps. The new threat emerged on January 9th and was initially reported by MalwareHunterTeam. The new strain primarily scans infected computers for certain types of files and then encrypts them. These files can include pictures, videos, sensitive documents, spreadsheets – you name it. BitPyLocker began by targeting individual machines but now attempts to infect entire networks. Once the files are encrypted, the attackers leave behind a note with instructions for paying the ransom. It’s your typical ‘purchase Bitcoin, send the ransom to a specific wallet and wait patiently for the decryption tool that will restore all data’ scenario.

Thankfully, in this case the ransom demands were lower than in other typical attacks, at around 5 Bitcoin, which translates to $43,000 at today’s exchange rate. Most other ransomware attacks have held their rate at upward of $1 million, but it’s believed that BitPyLocker kept their rate low in order to encourage their victims to think this was an affordable way to get their data back. However, BitPyLocker’s tactics don’t stop at lowering the price tag. They also offer proof that their decryption process works by allowing their victims to submit a file to be decrypted for free. On top of that, their threats of releasing private data and files are the cherry on top when it comes to instilling the fear of having your most sensitive files go public. Whether or not they actually release that information to the public, their tricky methods are enough to persuade any victim in that vulnerable state, and unfortunately, these ploys may become more common if they prove to be successful.

Written by Allie Prange