PDF Version: types-of-targeted-ddos-attacks
Tag: Cyber Attack Page 5 of 14
BitPaymer is a ransomware type cyber threat that typically targets Windows-based systems on a compromised network. Also known as “wp_encrypt,” it was first discovered in 2017 and has launched different versions since then.
What Are The Attack Vectors of BitPaymer Ransomware?
BitPaymer uses multiple attack vectors to infiltrate the target network or system. The most commonly used attack vectors are:
- Phishing emails targeting organization’s employees
- Software downloads via third party, fake or malicious links
- Brute force attacks
What Does BitPaymer Ransomware Do?
BitPaymer Ransomware uses multiple steps to spread laterally across a network & infect multiple systems. Let us understand how the ransomware works:
- After infecting a system, the ransomware conceals itself & stays in the victim system to gather information such as login credentials, shared drives, IP addresses, private network details, etc.
- It further scans for servers running Microsoft Exchange & Microsoft SQL.
- The malware then penetrates Active Directory running on the network for lateral movement by infecting all other systems connected to the network.
- Once the systems are infected, the ransomware now encrypts all the files on the victim systems using RC4 and RSA-1024 encryption algorithms.
- The encrypted files are saved using “.locked” file extension. Some new versions of the BitPaymer ransomware use “.LOCK” as the file extension.
- A text file is generated for every encrypted file with extension “readme_txt” to inform the victim of encryption and provide details to contact the hacker.
- The ransomware also deletes the recovery checkpoints from the Windows system.
- A personalized ransomware note is also left on the desktop which includes ransom fee and steps that should be taken for data recovery.
What Makes BitPaymer Ransomware Unique?
BitPaymer Ransomware differs from other ransomware in many ways:
- The ransomware is very well-coded as compared to majority of ransomware that use Ransomware-As-A-Service codes.
- The hackers manually attack the Active Directory running on the network & also spend time to know the victim thoroughly.
- In some strains of the ransomware, the hackers build custom binary for every victim and even use the victim organization’s name in encrypted file extension.
- The ransomware makes extensive efforts to stay concealed in the target system.
How To Stay Protected Against BitPaymer Ransomware?
- Educate employees by conducting cyber security workshops to make them capable of spotting phishing attacks.
- Ensure regular data backup at multiple locations.
- Thoroughly review all RDP connections & secure them.
- Make sure to download & install the latest security updates on all servers & systems.
To know more about cyber security solutions for businesses, contact Centex Technologies. You can contact Centex Technologies at Killeen (254) 213 – 4740, Dallas (972) 375 – 9654, Atlanta (404) 994 – 5074, and Austin (512) 956 – 5454.
As a form of cybercrime, “cryptojacking” includes the illegal use of victims’ equipment (personal computers, mobile phones, tablets, and even servers) to “mine” for bitcoin or other cryptocurrencies. A victim’s computer may be infected with cryptojacking software via phishing, code download from fraudulent websites, or other malicious techniques. Cryptojacking can also occur via code embedded in digital advertizements or web pages that are only activated when the victim visits a particular website.
Why should you be worried about hackers cryptojacking your devices?
A sluggish computer and a larger electricity bill are classic indicators of cryptojacking attacks on a personal laptop used at home. Targeted crypto mining on a massive scale might cause severe damage to a business. System failures and downtime impair sales and corporate productivity and transform expensive, high-performance servers into costly, low-performance servers. As computational resources are diverted from their intended use to suit the needs of cryptocurrency miners, operational costs inevitably increase. Furthermore, the presence of cryptocurrency mining software on the network is indicative of more serious cybersecurity concern.
How to tell if your devices have been Cryptojacked?
The objective of cryptojacking is to mine more cryptocurrency while going undetected for as long as possible. Cryptojacking malware is made to utilize as much power as it requires while remaining undetected. There are several indicators that cryptojacking malware has been installed on your computer. Some of these are:
- Slower working of devices
The efficiency of computing devices is lowered by cryptojacking. Be wary of gadgets that operate slowly, crash, or have particularly poor performance. You should also pay attention to decreased system performance. Batteries that deplete more quickly than they normally would are another sign.
- Increase in heat dissipation by the processor and CPU fan
If your computer gets too hot, which might be the result of a cryptojacking website or software, the fan will speed up to cool things down. A cryptojacking script may be present on a website or computer if the user notices that their device is overheating and the CPU fan is constantly operating at a greater speed.
- Heavy utilization of CPU or computational resources
If your CPU usage goes up when you visit a site with few or no media files, this could be a sign that cryptojacking scripts are running. You can test for cryptojacking by keeping an eye on how much the CPU is being used. You can use the Activity Monitor or Task Manager to check this.
- Quicker battery discharge
Due to an increase in CPU utilization and fan speed, the power consumption of devices and computing systems increases dramatically. This causes the battery to deplete faster. Therefore, if you observe that the device’s battery is draining quickly, this could be a symptom of cryptojacking
- Increased electricity costs due to cryptojacking
An increase in power consumption by the infected devices leads to higher electricity usage. An unexpected spike in electric power consumption can also be a possible indicator of devices being infected by cryptojacking malware
Centex Technologies provide cybersecurity and network security solutions to businesses. For more information, you can contact Centex Technologies at Killeen (254) 213 – 4740, Dallas (972) 375 – 9654, Atlanta (404) 994 – 5074, and Austin (512) 956 – 5454.