Dear Blast Readers,
From everyone here at FDS Global, we would like to wish you a Safe and Happy Fourth of July! As we celebrate this national holiday, Cyber Threats are continuing to get more advanced.
The recent outbreak of the ransomware known as “Expetre” is not really a ransomware attack. It is really a form of malware known as a “Wiper Attack”, which can disguise itself so its victims are unaware of how serious it is.
A “Wiper attack” is a type of attack that sabotages PCs. It differs from ransomware because it was created to destroy the data located on the computer’s disk. Ransomware, by contrast, is a form of malware that blocks data and threatens to delete or publish the data unless the user pays the ransom.
How does a “Wiper Attack” destroy data?
It destroys the data on the disk by overwriting the Master Boot Record, also known as the MBR. This form of malware is called a “Wiper” because it wipes part, if not all, of the drive.
It can be mistaken for ransomware because the infected computer displays a message on the screen. This message states that the user’s files have been encrypted, and that if the user pays a ransom, the encrypted files will be decrypted and returned. The user is then provided with an email address to send their payment information to.
But little does the user know, the ransom will have no effect when it comes to decrypting their files.
Why will the ransom have no effect?
The ransom will not have any effect because the email address provided to the user is inactive. Unfortunately, even if the email was active and the ransom could be paid in full, recovery of the MBR is impossible once wiped.
So, how are you supposed to protect yourself and/or your organization from this type of malware attack?
Here are a few tips:
- Any crucial and confidential information should be stored in hardened systems: systems that can only be accessed one way, through privileged connections.
- Important data should be backed up and stored somewhere offsite.
- It is important to institute and test an emergency recovery & response plan.
If you have any questions about Ransomware, Malware, Cyber Security or Computer Forensics, contact FDS Global. You can reach us at our office at (954)727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global. Enjoy your holiday!