29/09/2023
08:43

Two ransomware groups are back in the news:
LockBit 3.0 Black and BlackCat, aka ALPHV.


WARNING! Italian institutions and companies are targeted by cyber criminals...

In the last few weeks two cyber criminal groups that have also targeted Italian institutions and businesses are back in the news: LockBit 3.0 Black and BlackCat, aka ALPHV, which the media had already reported on in the first ten days of last July.
Like all ransomware, these are malware that, once introduced into an organization, encrypt its data and then demand a ransom from the victim in exchange for decryption. Both groups are also known to steal data before encrypting it, so restoring from backup removes the encryption problem but not the threat of publication.

TG Soft's C.R.A.M. researchers had the chance to test their heuristic-behavioral technologies against variants of these ransomware families as well. Once again these technologies, available since 2015, proved effective and efficient in blocking the attack automatically, whatever the way it was launched, within 100 milliseconds (one tenth of a second, a blink of an eye) of the start of the encryption process.

LockBit 3.0 Black

The LockBit 3.0 Black attack analyzed by TG Soft's C.R.A.M. researchers showed that the cyber criminals gained access through an RDP service exposed to the Internet.
As already stated in our notice on ransomware attacks via RDP access violation, first drafted in 2017 and republished in 2019, WE STRONGLY ADVISE EVERYONE AGAINST exposing RDP access, because even today it is a potential entry point to PCs/Servers for "bad actors". Where remote access cannot be avoided, it should never be reachable directly on TCP port 3389 from the Internet: place it behind a VPN or an RD Gateway, enforce Network Level Authentication and multi-factor authentication, and configure account lockout so that password guessing does not succeed.

The analyzed attack deployed the ransomware LockBit 3.0, aka LockBit Black (28/10), as highlighted in the side image, and then, on 02/11, Makop; both were blocked in the initial phase of the attack by the AntiRansomware protection of Vir.IT eXplorer PRO.
Contact with the cyber criminals takes place via chat at the URLs given in the ransom note.


Attack result
The pair of ransomware used in this case, LockBit + Makop, was effectively blocked in the initial phase of the attack by the heuristic-behavioral technologies built into the Vir.IT eXplorer PRO suite.

Moral of the story
All PCs and/or Servers on which Vir.IT eXplorer PRO was properly installed, configured and updated effectively BLOCKED / MITIGATED this double encryption attack!

BlackCat / AlphV

Another active threat is the BlackCat ransomware, also known as ALPHV.

Below is some payload information from TG Soft's C.R.A.M. analysts on the BlackCat / ALPHV ransomware.
Structure of a file encrypted by BlackCat / ALPHV:

[ORIGINAL_FILENAME].[ORIGINAL_extension].[extension specific to each affected company]

We underline that this ransomware uses a different extension for each affected Company/Entity, so the extension itself is not a reliable indicator to search for; what identifies the attack is the pattern: the original extension is preserved and the same previously unseen suffix is appended to nearly every file in the affected folders.

The ransom note is dropped in every folder where the ransomware has encrypted files. It is a plain text file (itself left unencrypted) whose name has the structure:

FileNameRequestToRansomStrRandom.txt
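The two naming facts above (original extension preserved plus a victim-specific suffix, and one unencrypted text note per folder) are enough for a first triage of a file-server listing. The following script is an added example, not TG Soft's code or the ransomware's: it walks a listing (a directory walk or an audit export), infers the per-victim suffix from the files themselves instead of matching a fixed extension, and lists the folders and note candidates. The sample listing, the suffix `x7k2q` and the note name `RequestToRansom-x7k2q.txt` are constructed for the example; the set of "known" data extensions is an assumption to be extended for your own estate.

```python
from collections import Counter

# Extensions we accept as the *original* extension of a user data file.
# Assumption for the example: extend this set for the file types in your estate.
KNOWN_DATA_EXT = {"docx", "xlsx", "pptx", "pdf", "jpg", "png", "csv", "txt",
                  "sql", "bak", "mdb", "vhdx", "zip"}


def split_appended_ext(name):
    """If `name` looks like <original>.<known ext>.<unknown suffix>, return
    (original_ext, suffix); otherwise None. A ransom note such as
    'RequestToRansom-<random>.txt' has nothing appended and returns None."""
    parts = name.split(".")
    if len(parts) < 3:
        return None
    orig_ext, suffix = parts[-2].lower(), parts[-1]
    if orig_ext in KNOWN_DATA_EXT and suffix.lower() not in KNOWN_DATA_EXT:
        return orig_ext, suffix
    return None


def original_name(encrypted_name, suffix):
    """Strip the victim-specific suffix: the name to look up in the backup set."""
    tail = "." + suffix
    return encrypted_name[:-len(tail)] if encrypted_name.endswith(tail) else encrypted_name


def triage_listing(listing, min_files=3, min_share=0.8):
    """listing: {folder_path: [file names]}.

    A folder is flagged when one unknown suffix has been appended to at least
    `min_files` files and to at least `min_share` of the folder's non-note files,
    and the folder holds exactly one plain .txt (the dropped note). The suffix
    shared by the flagged folders is reported as the victim-specific extension."""
    flagged = {}
    suffix_votes = Counter()
    for folder, names in listing.items():
        suffixes = Counter()
        plain_txt = []
        for n in names:
            hit = split_appended_ext(n)
            if hit:
                suffixes[hit[1]] += 1
            elif n.lower().endswith(".txt"):
                plain_txt.append(n)
        if not suffixes:
            continue
        suffix, count = suffixes.most_common(1)[0]
        non_note = len(names) - len(plain_txt)  # >= count >= 1 here
        if count >= min_files and count / non_note >= min_share and len(plain_txt) == 1:
            flagged[folder] = {"encrypted": count, "note": plain_txt[0], "suffix": suffix}
            suffix_votes[suffix] += 1
    victim_suffix = suffix_votes.most_common(1)[0][0] if suffix_votes else None
    return {
        "suffix": victim_suffix,
        "affected_folders": {f: d for f, d in flagged.items() if d["suffix"] == victim_suffix},
        # the per-victim-extension pattern: the same suffix in more than one folder
        "likely_per_victim_extension_pattern": bool(victim_suffix) and suffix_votes[victim_suffix] >= 2,
    }


# Constructed sample listing (not real data): two hit folders, one clean folder.
SAMPLE_LISTING = {
    "C:/Shares/Finance": ["budget.xlsx.x7k2q", "q3.pdf.x7k2q", "invoice1.docx.x7k2q",
                          "invoice2.docx.x7k2q", "notes.txt.x7k2q", "RequestToRansom-x7k2q.txt"],
    "C:/Shares/HR": ["staff.csv.x7k2q", "contract.pdf.x7k2q", "photo.jpg.x7k2q",
                     "handbook.docx.x7k2q", "onboarding.pptx.x7k2q", "RequestToRansom-x7k2q.txt"],
    "C:/Shares/Public": ["readme.txt", "logo.png", "data.csv"],
}

if __name__ == "__main__":
    result = triage_listing(SAMPLE_LISTING)
    print("victim-specific suffix:", result["suffix"])
    for folder, info in result["affected_folders"].items():
        print(f"{folder}: {info['encrypted']} encrypted files, note {info['note']}")
        print("  restore e.g.", original_name(SAMPLE_LISTING[folder][0], result["suffix"]))
```

Because the suffix is inferred per folder and then confirmed across folders, the same script works for any victim's extension. Note that `original_name` only recovers what to restore from backup; it does not decrypt anything.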

In the attack we simulated on our own infrastructure with a sample retrieved from an actual attack, the heuristic-behavioral AntiRansomware CryptoMalware protection of Vir.IT eXplorer PRO intervened within about 100 milliseconds (one tenth of a second) of the start of the encryption process. The few files encrypted in the initial phase of the attack can be recovered/restored through the RECOVERY & RESTORE tools of Vir.IT eXplorer PRO: BackupOnTheFLY and/or Vir.IT Backup!

The computer on which the malicious process was started, simulating a human-operated ransomware attack, was automatically isolated from the rest of the network so that the ransomware could not spread to the entire infrastructure, thus ensuring business continuity.
Obviously, as with any other software, its effectiveness and efficiency depend on the four rules of good use:
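The passage above describes a behavioral, not signature-based, stop: the encryption process is recognised from what it does to files and cut off after the first few, which is why only a handful of files need restoring. The following is an added example of that class of heuristic, written for this page and not TG Soft's code or the Vir.IT mechanism (whose internals are not described here): it replays a constructed stream of file-write events and blocks the first process that rewrites several distinct files with encrypted-looking content inside a short window. The 100 ms window, the thresholds and the event stream are assumptions chosen to mirror the figures in the text.

```python
import math
import random
from collections import defaultdict, deque

# Legitimate high-entropy writes start with a recognisable container header;
# a ransomware rewrite normally does not. Assumption: a small illustrative list.
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\xff\xd8\xff", b"\x89PNG", b"\x1f\x8b")


def shannon_entropy(data):
    """Bits per byte; ~8.0 for ciphertext or random data, ~4-5 for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(data, threshold=7.0):
    """High entropy without a known compressed/image header."""
    return not data.startswith(COMPRESSED_MAGIC) and shannon_entropy(data) >= threshold


def watch(events, window_ms=100, min_files=3, threshold=7.0):
    """events: iterable of (t_ms, pid, path, new_content) in time order.

    Block the first pid that rewrites >= min_files distinct files with
    encrypted-looking content within any window_ms span. Returns what an
    incident responder needs: who was blocked, when, and how much was lost."""
    recent = defaultdict(deque)   # pid -> (t, path) of suspicious writes in the window
    touched = defaultdict(set)    # pid -> every file it rewrote suspiciously
    first_seen = {}
    for i, (t, pid, path, data) in enumerate(events):
        if not looks_encrypted(data, threshold):
            continue
        first_seen.setdefault(pid, t)
        touched[pid].add(path)
        q = recent[pid]
        q.append((t, path))
        while q and t - q[0][0] > window_ms:
            q.popleft()
        if len({p for _, p in q}) >= min_files:
            return {
                "blocked": True,
                "pid": pid,
                "blocked_at_ms": t,
                "files_encrypted_before_block": len(touched[pid]),  # what needs restoring
                "ms_since_first_suspicious_write": t - first_seen[pid],
                "events_processed": i + 1,
            }
    return {"blocked": False}


def build_sample_events(seed=7):
    """Constructed event stream: one benign user process (pid 1000) and one
    ransomware-like process (pid 4242) rewriting a share every 5 ms."""
    rng = random.Random(seed)
    blob = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    text = b"quarterly report: revenue up 3%, costs flat\n" * 80
    events = [
        (0,  1000, "C:/Users/anna/report.docx", text),                       # ordinary edit
        (40, 1000, "C:/Users/anna/archive.zip", b"PK\x03\x04" + blob(2048)),  # legit high-entropy write
    ]
    t = 200
    for n in range(8):
        events.append((t, 4242, f"C:/Shares/Finance/file{n}.xlsx", blob(4096)))
        t += 5
    return events


if __name__ == "__main__":
    print(watch(build_sample_events()))
```

On the sample stream the block lands at the third encrypted write, 10 ms after the first one, with three files to restore from backup; the zip written by the user is ignored because of its header. The obvious caveat is visible in the code: a process that encrypts slowly enough to keep fewer than `min_files` writes inside the window is not caught by rate alone, which is why real products combine several signals (rename patterns, note drops, canary files) rather than a single counter.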
  1. Correctly INSTALLED on ALL PCs as well as on Server(s) even if they are not used for WEB browsing;
  2. Correctly CONFIGURED;
  3. Correctly UPDATED;
  4. and properly USED...

Vir.IT Anti-Ransomware Crypto-Malware Protection

 


Since May 2015 TG Soft has been developing and integrating into the Vir.IT eXplorer PRO suite (THE ONLY product with a proprietary engine developed 100% in Italy: AntiVirus, AntiSpyware and AntiMalware) AntiRansomware Crypto-Malware protection technologies that, through the heuristic-behavioral approach, block the encryption process in the initial phase of the attack, saving on average at least 99.63% of the data files that would otherwise have been encrypted.

In addition, as a last resort, data files that cannot be restored or recovered with other restore/recovery tools can be restored from Vir.IT BackUp, which is built into the Vir.IT eXplorer PRO suite.
 

For more info on these technologies, 100% developed in Italy, you can contact the administrative office of TG Soft Cyber Security Specialist by writing to segreteria@tgsoft.it or by calling the direct number 049.8977432.   



C.R.A.M.
TG Soft's Anti-Malware Research Center

Any information published on our site may be used and republished on other websites, blogs, forums, Facebook and/or in any other form, both paper and electronic, provided that the source is always explicitly cited as “Source: CRAM by TG Soft www.tgsoft.it” with a clickable link to the original information and/or web page from which the text, ideas and/or images were taken.
When information from C.R.A.M. by TG Soft www.tgsoft.it is used in summary articles, the following acknowledgment would be appreciated: “Thanks to the Anti-Malware Research Center C.R.A.M. by TG Soft, of which we point out the direct link to the original information: [direct clickable link]”

Vir.IT eXplorer PRO is certified by the biggest international organisations: