New online scam demands ransom to keep stolen data from being made public

Cybercrime continues to rise, with new malicious actors constantly being identified. One of the most recently identified threats comes from the SnapMC group, which carries out the extortion typical of ransomware attacks, but with one important difference: it does not encrypt data.

Ransomware attacks usually involve infecting a computer with malware that encrypts all files on the system, making them impossible to access. The documents are released only after the ransom is paid to the criminals responsible for the scam.

For some time now, however, cybercriminals have noticed that there is another way to profit from these attacks, one that may be even more effective: threatening to leak the stolen data. By the scammers' logic, file encryption can be countered with regular backups, while the public disclosure of a company's sensitive data is much harder to work around.

Exfiltration of information, i.e. the unauthorized sending of data to third parties, is SnapMC's primary method of attack. According to researchers from NCC Group, this new cybercrime group works extremely fast, getting into the system, stealing data and sending extortion emails in less than minutes.

According to NCC Group's research, SnapMC uses the Acunetix vulnerability scanner to find flaws in the target's network and VPN servers, and then uses those flaws to break in and steal the data.

The researchers say the vulnerabilities the group uses most are those that allow remote code execution and the modification and injection of data in SQL databases. At the same time, most of the flaws identified in the study have already been fixed: SnapMC targets machines that are not running the latest versions of the system and its software.

Paying the ransom is risky

In data exfiltration attacks, paying is risky, because the files remain entirely in the criminal's possession, and meeting the demands may encourage further blackmail attempts against the same victim or even other targets.

And even once the demanded sum is paid, there is still the possibility that the criminal has kept a copy of the files and put them up for sale on data-trading forums to further increase the proceeds of the attack.

Coveware, a company that specializes in negotiating during ransomware attacks, told the BleepingComputer website that it strongly recommends victims not pay the demands in this type of attack. As examples, it cites cases where the ransom was paid but the scammers provided no evidence that the files had been deleted, or leaked the data some time later.

For now, the best way to protect yourself from SnapMC is to keep all your programs and systems up to date, since, as seen above, the group attacks vulnerabilities that in most cases are already fixed in current software releases.

Source: BleepingComputer
