Ransomware improv: WinRAR used to lock $1 million worth of data

Newly discovered Python-based ransomware, Memento, employed file archiving software once initial encryption attempts did not work out as expected.

Researchers at cybersecurity company Sophos announced discovering a new ransomware group calling themselves the 'Memento team.' The group caught researchers' eye with its improvisation upon running into security software.

The attackers deployed ransomware in late October. However, initial attempts to encrypt files were unsuccessful as the victims' system security measures stopped the attack.

The setback did not stop hackers from moving forward. Attackers copied unencrypted files into password-protected archives using a renamed free version of the popular archiving software WinRAR. The final step was to encrypt the password and delete the original files.

"Attackers seize opportunities when they find them or make mistakes, and then change tactics' on-the-fly.' If they can make it into a target's network, they won't want to leave empty-handed," Sean Gallagher, a senior threat researcher at Sophos, said.

Threat actors demanded $1 million in bitcoins to retrieve the files. According to Sophos researchers, however, the Memento team was left dry as the victim could recover data without the involvement of the hackers.

After investigating the affected systems, researchers found that other threat actors infiltrated the servers using the same vulnerable access points, using similar exploits.

One group installed XMR crypto miner while the other installed XMRig crypto miner.

According to Gallagher, multiple intrusions make it harder to restore systems and prolong recovery time, adding to the overall loss endured by the breach.

Golden age

Cyberattacks are increasing in scale, sophistication, and scope. The last 12 months were ripe with major high-profile cyberattacks, such as the SolarWinds hack, attacks against the Colonial Pipeline, meat processing company JBS, and software firm Kaseya.

Pundits talk of a ransomware gold rush, with the number of attacks increasing over 90% in the first half of 2021 alone.

The prevalence of ransomware has forced governments to take multilateral action against the threat. It's likely a combined effort allowed to push the infamous REvil and BlackMatter cartels offline and arrest the Cl0p ransomware cartel members.

Gangs, however, either rebrand or form new groups. Most recently, LockBit 2.0 was the most active ransomware group with a whopping list of 203 victims in Q3 of 2021 alone.

An average data breach costs victims $4.24 million per incident, the highest in the 17 years. For example, the average cost stood at $3.86 million per incident last year, putting recent results at a 10% increase.

More from CyberNews

Rogue nations and criminals are aggressively exploiting cryptocurrencies - FBI veteran

Iranian hackers sought to undermine faith in the US presidential election

Attackers spoof US Postal Service amid holiday shopping havoc

Netflix and phish? Scammers target movie streamers

IT staff say their organisations worldwide compromise on cybersecurity

Subscribe to our newsletter