Conceal Threat Alert: New Malware Families
DarkReading recently summarized a Fortinet analysis of three new ransomware variants that were added to the exponentially growing list that pose a threat to businesses of all sizes. The report analyzed three new ransomware tools new in 2022: Vohuk, ScareCrow, and AESRT. While none of them introduced anything new or novel, they nevertheless contributed to the growing financial cost and reputational harm that is the hallmark of the ongoing ransomware plague.
The first, Vohuk, has primarily targeted users in Germany and India, according to Fortinet. The ransomware encrypts the user’s data and replaces their desktop background with a message pointing them to a readme.txt file. That file contains instructions for submitting a payment to unlock the data via an email message.
ScareCrow similarly encrypts user data and provides instructions in a readme file, but in this case, the contact link is via Telegram channels. This ransomware family targets users around the world, and appears to have similarities to – and substantial improvements on – the Conti ransomware that was reportedly leaked earlier this year.
The AESRT ransomware variant does essentially the same thing, but provides data-unlocking instructions via a popup menu. The similarity between each of these unrelated ransomware families is evidence that attackers have found a formula that works and is repeatable.
How can remote browser isolation and phishing protection protect your workforce?
This research doesn’t address the methods that are being used with these specific malware families, but does note that phishing is the most-used delivery vector for ransomware in general. We’ve discussed several social engineering techniques in previous Threat Alerts that are used to abuse users’ trust and get them to visit malicious sites. These types of attacks almost always take place in the browser. So, while browser-based protection isn’t a silver bullet to block every possible delivery vector, it does address the most common and the one that is best for social engineering attacks.
ConcealBrowse can play a key role in any company’s anti-ransomware security posture. With more and more of each employee’s work taking place in the browser, moving zero-trust principles to the edge of your network can have a massive impact on your organization’s overall security. While ConcealBrowse can play a key role on machines within your network, it also provides an easy-to-manage and affordable option to deploy to every member of your distributed workforce. Because ConcealBrowse works at the endpoint, it can protect your assets even from threats to devices connecting to your network and services remotely.
If you’re interested in finding out more about how ConcealBrowse can protect your organization from malware, click here to schedule a demo today.