This ransomware pretends to be a cybersecurity company… and it’s starting to get complicated to find your way around!

Vincent Mannessier

July 19, 2023 at 1:00 p.m.



A group of researchers has identified a ransomware program posing as a product of Sophos, a cybersecurity company.

Although the ransomware in question is neither particularly original nor of high quality, adopting the name of a cybersecurity company still allowed it, for a time, to deceive professionals in the field. That is its only distinguishing feature; ransomware as a service is a lucrative market, and apparently one in full expansion.

Impersonating a cybersecurity solution: original

On July 17, the MalwareHunterTeam Twitter account tweeted screenshots of a ransomware execution. The sample is not particularly exceptional apart from, as the tweet points out, its name: the windows that open when it is run are titled “Encryption Program – SOPHOS”. Sophos, however, is a cybersecurity company, and its account replied that this was indeed malware with which it had nothing to do.

The appeal of such a name is not hard to guess: to inspire more confidence in potential victims, of course, but also to delay its discovery. Indeed, the members of MalwareHunterTeam first thought that it was a program created by Sophos as an exercise.

According to them, this ransomware is not an excellent program. Its operation is fairly standard: when the program is executed, its authors can attempt to encrypt a few documents or all of the infected media. When the process is completed, a ransom note document is created in each affected folder and opens automatically. Explaining that the documents have been encrypted “for safety reasons”, this note then details how to obtain bitcoins and puts pressure on the victim to react as quickly as possible.

But Sophos explained that the program was already blocked by its solutions before they even knew about it themselves.


The ransomware-as-a-service market is booming

Unsurprisingly, Sophos Encrypt is “ransomware as a service”, that is to say a program that is not necessarily used by its own creators. They prefer to make it available to other people, providing a turnkey solution in exchange for payment.

Ransomware now represents 24% of computer attacks and, given such success, it was hardly surprising that the technique would give ideas to those who want to industrialize it. This makes this type of attack far more accessible, including to those without special skills in this area. Faced with such proliferation, it is not surprising that some try to stand out by imitating legitimate programs for greater success.

Free competition is a beautiful thing.

Sources: Bleeping Computer, Silicon
