Ahnlab Ransomware

Ahnlab anti-ransomware tool

Ahnlab Malware


Ransomware indiscriminately. This newsletter introduces the latest ransomware trends and best practices for ransomware response using the AhnLab MDS (Malware Defense System). Today, ransomware is propagating under various names, such as TeslaCrypt, CryptoWall and Teerac, based on attack method and specific actions. Ransomware is a type of.

The AhnLab ASEC analysis team has been monitoring BlueCrab (= Sodinokibi) ransomware in the form of JavaScript distributed via a phishing download page. The phishing download page masquerades as a page for downloading utilities and appears at the top of Google search results, as shown in Figure 1.

Magniber Ransomware Changed Vulnerability (CVE-2019-1367 - CVE-2020-0968) and Attempted to Bypass Behavior Detection. Posted on December 22, 2020. At the beginning of this year, the ASEC analysis team published the change in the vulnerability used by the developer of Magniber to distribute the ransomware.

Overview

AhnLab EDR is an endpoint detection and response solution that provides actionable insights and holistic visibility for enhanced response.

AhnLab EDR is an Endpoint Detection and Response (EDR) solution that continuously monitors endpoints for comprehensive threat detection, analysis, and response.


New and unknown malware, including ransomware, and malware variants are intensifying at an alarming pace - but organizations do not have adequate response measures in place and rely on traditional endpoint security measures.

To mitigate the risks and strengthen your resiliency in security incidents, EDR technology is necessary. AhnLab EDR provides a total process of information detection, analysis, response, and prediction at endpoints. The response process enables holistic visibility into threats with continuous monitoring and recording of every activity in endpoints, analyzing the flow and enabling stronger response.

Resources
[White Paper] A Simple Guide to Understanding EDR


Employees watch an electronic board to monitor possible ransomware cyberattacks at the Korea Internet and Security Agency in Seoul, Monday. / Yonhap

Ahnlab Anti-ransomware Tool (beta)


Gov't issues nationwide caution against WannaCryptor
By Yoon Sung-won
The worldwide spread of 'WannaCryptor' ransomware is raising a warning flag on cybersecurity in Korea even though it has not yet inflicted heavy damage here.
The Korea Internet & Security Agency (KISA) said Monday it has received nine official reports of the attack. CJ CGV, whose ad servers were affected by the malware, has not registered a report. No public organization has reported any damage yet.
The ransomware, which is also known as 'WannaCry,' has been attacking servers of enterprises and public organizations worldwide, especially in Europe, since last Friday. According to Europol, it has affected about 200,000 computers in more than 150 countries.
The ransomware encrypts a victim's data and demands cyber payments ranging from $300 to $20,000. The attackers threaten to delete the encrypted files if they don't receive the ransom in seven days.
Consequently, concerns have escalated that servers of many Korean companies and government agencies could be exposed to the attack when they start business this week.
On Sunday, the Ministry of Science, ICT and Future Planning released a caution on the national cyber threat level. KISA also introduced a dedicated information website to the public. But this website crashed as of 9 a.m. Monday amid heavy traffic. The agency said it has received over 2,900 calls about the ransomware.
Cheong Wa Dae also called for nationwide caution on the issue.
'The damage inflicted by the ransomware, which abuses loopholes in Microsoft's Windows operating system, is spreading worldwide,' the presidential office said in a statement, Monday. 'We need thorough contingency plans to prevent damage.'
Cheong Wa Dae's chief press secretary Yoon Young-chan said, 'The National Security Office is taking actions to prevent the spread of damage.' He also advised people to turn their computers on and off while disconnected from the internet, deactivate server message block protocols and update antivirus programs.
Besides the government and public agencies, cybersecurity service providers and experts in the private sector said people should stay alert because there can be more diverse forms of ransomware attacks.
AhnLab, provider of the antivirus program V3 series, advised its users to turn on real-time monitoring and install updates. It also said Windows users should keep the operating system's security features up to date.
'Korea is expected to have less damage compared to other countries thanks to quick responses from public agencies and security companies,' an AhnLab official said. 'But there can still be more new types of cyberattacks.'
ESTsecurity, which provides the antivirus program Alyac series, said its program detected more than 3,000 ransomware attacks on Sunday.
Symantec Korea pointed out the WannaCry ransomware is especially contagious because it is capable of spreading within an intranet on its own. The company also stressed the importance of timely security updates of Windows to prevent further damage.
'Users should keep security patches and antivirus software up to date because there can be more cyberattacks with ransomware and viruses,' Symantec Korea CTO Yoon Kwang-taek said. 'In particular, the number of ransomware attacks through email is on the rise. Users should delete suspicious e-mails and back up important files in advance.'