Whitehats use DoS attack to score key victory against ransomware crooks

by Dan Goodin, from Ars Technica
A diagram showing how a DoS shut down an ongoing ransomware campaign. (credit: Intezer)

Whitehats used a novel denial-of-service hack to score a key victory against ransomware criminals. Unfortunately, the blackhats have struck back by updating their infrastructure, leaving the fight with no clear winner.

Researchers at security firm Intezer performed the DoS technique against ransomware dubbed QNAPCrypt, a largely undetected strain that, as its name suggests, infects network storage devices made by Taiwan-based QNAP Systems and possibly other manufacturers. The hack spread by exploiting secure shell (SSH) connections that used weak passwords. The researchers' analysis found that each victim received a unique bitcoin wallet for sending ransoms, a measure that was most likely intended to prevent the attackers from being traced. The analysis also showed that QNAPCrypt only encrypted devices after they received the wallet address and a public RSA key from the command-and-control server.

Intezer researchers soon noticed two key weaknesses in that process:
