In the early days of computer viruses, there were different classifications of viruses based on their behavior. Worms could self-replicate, while polymorphic viruses could change their appearance to avoid eradication. Multipartite viruses, in turn, combined several viral techniques in one. There are, of course, other virus types in the canon of computer security history.
Since viruses have changed from simple destructive mechanisms to money-generating tools, it seems that all those special classifications have been replaced by only one: ransomware.
I have written in the past that a ransomware event is not a data breach because no data is taken from the target machine. This sentiment is also expressed in the proposed New York State Cyber Security regulation.
However, as recently reported by The State of Security’s David Bisson, ransomware has now taken on a new character much like the early viruses. The latest KillDisk variant contains code that searches for sensitive data (such as passwords stored in web browsers and files) and exfiltrates that information.
It is posited that the exfiltrated data could be used to extort more money from victims. This new dual-purpose ransomware exhibits characteristics that put it into the category of a multipartite strain.
To be sure, this is a new and even more troubling development in the ransomware field; a target may now be victimized twice.
While there have been reports about self-replicating ransomware as far back as 2014, that technique never seemed to gain much traction with malware authors.
So far, the KillDisk ransomware has targeted only large Ukrainian banks (demanding an extremely large ransom), but we should all stay vigilant, as we have seen how rapidly new techniques like these are adapted to other attack campaigns.
As with all malware, it starts with a file being executed on your computer.
Here are some tips to protect you from this new multipartite ransomware:
- Do not store passwords in a file on your computer or allow your browser to remember your passwords. Now is a good time to review some of the password managers that are available.
- Verify all unexpected E-Mail attachments by contacting the sender by phone to confirm that the message is legitimate. (Do not contact the sender by E-Mail, as their mail account was probably compromised.)
- Be more mindful of all files. Rather than automatically enabling content in a Microsoft Office document (which we are all in the habit of doing), stop for a moment to verify that you are in fact opening the file you intended to open.
- Never click on unsolicited or unexpected links in E-Mail messages.
Remember that the entire key to security awareness is to stop and think before proceeding.