AttackNew Ransomware

Protecting your devices from ransomware and other malware threats is more crucial than ever. Cybercriminals continually develop sophisticated tools to infiltrate and damage systems, leading to significant financial and data losses. Among these threats is the newly discovered AttackNew Ransomware, a potent variant within the notorious MedusaLocker family. This ransomware exemplifies the evolving nature of cyber threats and underscores the importance of robust cybersecurity practices.

Unveiling the AttackNew Ransomware

The AttackNew Ransomware is a formidable threat designed to encrypt files on compromised systems, appending a unique extension such as .attacknew1 to the affected filenames. For instance, a file named 1.doc would appear as 1.doc.attacknew1 after encryption. The exact number in the extension might vary, indicating different variants of the ransomware. This ransomware specifically targets large organizations, leveraging double-extortion tactics to maximize its impact.

The Devastating Impact of Encryption

The AttackNew Ransomware employs advanced encryption algorithms—RSA and AES—to lock the victim's files. The ransomware's authors explicitly warn against attempting to alter the encrypted files or using third-party decryption tools, as this could make the files permanently unrecoverable. Unfortunately, even in cases where the ransom is paid, there is still no guarantee that the attackers will actually provide the decryption keys necessary to restore access to the data.

Ransom Note: A Threat with Dire Consequences

The ransomware drops a ransom note titled 'how_to_back.html' on the infected system, notifying the victim that their company's network has been compromised. It threatens to leak or sell the harvested data online if the ransom is not paid within a stipulated time—typically 72 hours. The note allows the victim to test the decryption process by sending three non-essential encrypted files to the attackers.
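The two on-disk indicators named above (the trailing .attacknew<number> extension and the how_to_back.html note) are enough for a quick triage scan of a file share. The following helper is an added example written for this write-up, not code from the threat database or from any vendor tool; the directory layout it builds is constructed demo data.

```python
import os
import re
import tempfile
from collections import Counter

# Filename pattern from the write-up: ".attacknew" plus a variant number
# (1.doc -> 1.doc.attacknew1); the number may differ between variants.
ATTACKNEW_EXT = re.compile(r"\.attacknew(\d+)$", re.IGNORECASE)
RANSOM_NOTE = "how_to_back.html"

def scan_for_attacknew(root):
    """Walk `root` and summarise AttackNew indicators (names only, no decryption)."""
    encrypted, variants, note_dirs = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = ATTACKNEW_EXT.search(name)
            if m:  # renamed (encrypted) file; group(1) is the variant number
                encrypted.append(os.path.join(dirpath, name))
                variants[int(m.group(1))] += 1
            elif name.lower() == RANSOM_NOTE:  # note dropped beside encrypted data
                note_dirs.append(dirpath)
    return {
        "encrypted_files": len(encrypted),
        "variants": dict(variants),            # e.g. {1: 2, 3: 1}
        "ransom_note_dirs": sorted(note_dirs),
        "suspected_infection": bool(encrypted) or bool(note_dirs),
    }

def build_sample_tree():
    """Constructed sample tree imitating a hit host (demo data, not real IoCs)."""
    root = tempfile.mkdtemp(prefix="attacknew_demo_")
    layout = {
        "Documents": ["1.doc.attacknew1", "budget.xlsx.attacknew1", RANSOM_NOTE],
        "Shares/HR": ["policy.pdf.attacknew3", RANSOM_NOTE],
        # "attacknew_notes.txt" must not match: the marker is a trailing extension
        "Clean": ["readme.txt", "attacknew_notes.txt"],
    }
    for sub, names in layout.items():
        d = os.path.join(root, sub)
        os.makedirs(d, exist_ok=True)
        for n in names:
            open(os.path.join(d, n), "w").close()
    return root

if __name__ == "__main__":
    print(scan_for_attacknew(build_sample_tree()))
```

Pointing the scanner at a mounted backup or a suspect share gives a fast answer to "which variant, how many files, and where were notes dropped" before any restore work starts.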

How the AttackNew Ransomware Spreads

AttackNew, like many other ransomware threats, primarily spreads through phishing and social engineering techniques. Cybercriminals disguise malicious files as legitimate software or media, tricking users into downloading and executing them. These files can be disguised as:

  • Executable files: (.exe, .run, etc.)
  • Archives: (RAR, ZIP, etc.)
  • Documents: (Microsoft Office, Microsoft OneNote, PDF, etc.)
  • Scripts: (JavaScript, etc.)

Simply opening one of these infected files can trigger a chain of events that ends with the ransomware being installed on the system.

Common Distribution Channels

  • Phishing Emails and Messages: Fraudulent attachments and links are often sent via email, SMS, or social media, appearing to come from legitimate sources.
  • Drive-By Downloads: When visiting compromised or fraud-related websites, malware can be automatically downloaded.
  • Untrustworthy Software Sources: Downloading software from unofficial websites or Peer-to-Peer (P2P) networks often exposes users to bundled malware.
  • Fake Software Updaters: These masquerade as legitimate updates but install malware instead.
  • Malvertising: Malicious advertisements on websites can lead to malware downloads when clicked.

Best Practices to Strengthen Your Defense against Ransomware

To defend against sophisticated threats like the AttackNew Ransomware, users must implement comprehensive security measures. Here are the best practices to enhance your device's protection:

  1. Regular Data Backups
     • Frequent Backups: Regularly back up essential data to an external device or cloud storage that is disconnected from your main system. This ensures you can restore your files in case of a ransomware attack.
     • Versioning: Maintain multiple versions of your backups to protect against ransomware that might encrypt your backups.
  2. Up-to-date Security Software
     • Anti-Malware Tools: Install reputable security software with real-time protection against malware and regularly update it to counter the latest threats.
     • Firewall: Utilize a firewall to monitor incoming and outgoing network traffic and block suspicious connections.
  3. Operating System and Software Updates
     • Patch Management: Regularly update your operating system and all installed software to patch vulnerabilities that ransomware can exploit.
     • Automatic Updates: Enable automatic updates whenever possible to ensure you do not miss critical security patches.
  4. Email and Web Browsing Hygiene
     • Be Cautious with Links and Attachments: Avoid opening attachments or interacting with links in unsolicited emails or messages, especially from unknown senders.
     • Disable Macros: Disable macros in documents received via email to prevent malware from executing automatically.
  5. Access Control and Privilege Management
     • Limit User Privileges: Restrict user permissions to only what is necessary. Admin-level privileges should be granted sparingly.
     • Network Segmentation: Segment your network to limit ransomware spread across systems.
  6. Educate and Train Employees
     • Security Awareness Training: Regularly train employees on the dangers of phishing, social engineering, and safe computing practices.
     • Simulated Phishing Campaigns: Conduct simulated phishing attacks to assess and improve employee vigilance.

Conclusion: Vigilance and Proactivity Are Key

The discovery of the AttackNew Ransomware is a stark reminder of the non-stop threats lurking in the digital world. Cybercriminals are continuously refining their tactics, making it paramount for users and organizations to stay vigilant and proactive. By following the outlined security practices, you can significantly decrease the risk of falling victim to ransomware and ensure that your data remains secure, even in the face of sophisticated attacks.

The ransom note dropped by the AttackNew Ransomware on the compromised devices is:

'YOUR PERSONAL ID:

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

email:
ithelp01@securitymy.name
ithelp01@yousheltered.com

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

Tor-chat to always be in touch:

qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion'