In this episode of the podcast, sponsored by PureVPN*, Michael Kajiloti of the firm Intezer Labs joins us to talk about the origins and makeup of PureLocker, a new family of ransomware designed to target production servers in the enterprise.
Ransomware attacks are making headlines all over the world, as the malicious, file-encrypting software wreaks havoc everywhere from school districts in small-town America to hospitals in France and beyond.
Up to now, ransomware attacks have followed a pattern: attackers target organizations indiscriminately using phishing email campaigns and malicious websites. For those unfortunate enough to click on a malicious link or open a malicious email attachment, the punishment is swift and severe: ransomware crawls their network finding, infecting and encrypting every hard drive it can find.
Ransom fit for the Enterprise
But as the ransomware plague continues unabated, new variants of ransomware are emerging: less noisy and more particular about the organizations and systems they will infect.
One example of this is the recently discovered PureLocker malware: a new ransomware variant that was identified by researchers at IBM X-Force and the Israeli firm Intezer. Unlike other common ransomware, PureLocker is shy and retiring by comparison: programmed to run only on production servers deployed in the enterprise – and only under conditions most favorable to the malware’s spread.
Sold as a service, the new ransomware is difficult to detect. Under the hood, it bears a striking resemblance to malware used by hacking groups like Fin6 and the Cobalt Gang and linked to the same malware-as-a-service group.
What does this mean about the evolution of the ransomware problem and the types of companies and assets that may be targeted?
To find out, we invited Michael Kajiloti, a security researcher at Intezer, which discovered the malware, into the Security Ledger studios to discuss PureLocker and how clues in the ransomware code helped researchers understand where it came from.
(*) Disclosure: This podcast and blog post were sponsored by PureVPN. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.