Ars Technica
RANSOMWARE SAGA CONTINUES —
Victory is anything but decisive, as crooks live to fight another day.
Whitehats used a novel denial-of-service hack to score a key victory against ransomware criminals. Unfortunately, the blackhats have struck back by updating their infrastructure, leaving the fight with no clear winner.
Researchers at security firm Intezer performed the DoS technique against ransomware dubbed QNAPCrypt, a largely undetected strain that, as its name suggests, infects network storage devices made by Taiwan-based QNAP Systems and possibly other manufacturers. The hack spread by exploiting secure shell (or SSH) connections that used weak passwords. The researchers’ analysis found that each victim received a unique bitcoin wallet for sending ransoms, a measure that was most likely intended to prevent the attackers from being traced. The analysis also showed that QNAPCrypt only encrypted devices after they received the wallet address and a public RSA key from the command-and-control server.
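The article notes that QNAPCrypt spread over SSH connections protected by weak passwords. As an added example that is not part of the article or of Intezer's research, the following Python script scans sshd auth-log lines for the classic fingerprint of a password-guessing compromise: a source address that fails repeatedly and then logs in successfully with a password. The log lines, hostname, addresses, usernames and the failure threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines in syslog format (not from the article).
# 203.0.113.7 fails four times and then gets in with a password; 198.51.100.4
# fails once; 192.0.2.10 logs in with a key, which is not a guessing attempt.
SAMPLE_AUTH_LOG = """\
Jul  2 03:14:01 nas sshd[2210]: Failed password for admin from 203.0.113.7 port 51022 ssh2
Jul  2 03:14:03 nas sshd[2210]: Failed password for admin from 203.0.113.7 port 51022 ssh2
Jul  2 03:14:05 nas sshd[2212]: Failed password for invalid user root from 203.0.113.7 port 51030 ssh2
Jul  2 03:14:07 nas sshd[2214]: Failed password for admin from 203.0.113.7 port 51041 ssh2
Jul  2 03:14:09 nas sshd[2216]: Accepted password for admin from 203.0.113.7 port 51055 ssh2
Jul  2 03:20:11 nas sshd[2300]: Accepted publickey for backup from 192.0.2.10 port 40022 ssh2
Jul  2 03:21:40 nas sshd[2310]: Failed password for admin from 198.51.100.4 port 60010 ssh2
"""

# Matches both "Accepted/Failed <method> for <user>" and the
# "for invalid user <user>" variant sshd emits for unknown accounts.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_sshd_lines(text):
    """Parse auth-log text into a list of dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_password_guess_compromises(events, threshold=3):
    """Return {ip: (failed_count, user)} for every source that accumulated at
    least `threshold` failed password attempts and then had a password login
    accepted. Key-based logins are ignored: they are not weak-password guesses."""
    failed = defaultdict(int)
    hits = {}
    for e in events:  # events are in log order, so failures precede the success
        if e["method"] != "password":
            continue
        if e["result"] == "Failed":
            failed[e["ip"]] += 1
        elif failed[e["ip"]] >= threshold:
            hits[e["ip"]] = (failed[e["ip"]], e["user"])
    return hits


if __name__ == "__main__":
    for ip, (count, user) in find_password_guess_compromises(
        parse_sshd_lines(SAMPLE_AUTH_LOG)
    ).items():
        print(f"ALERT: {ip} logged in as {user!r} after {count} failed password attempts")
```

A hit from this check on a NAS that exposes SSH is a strong signal that the device's password was guessed, which is the precondition the article gives for a QNAPCrypt infection; the follow-up is to rotate the credential, disable password authentication in favour of keys, and stop exposing the service to the internet.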
Intezer researchers soon noticed two key weaknesses in that process:
- The list of bitcoin wallets was created in advance, and it was static, meaning there was a finite number of wallets available, and
- The attackers’ infrastructure didn’t perform any authentication on devices that connected and claimed to be infected.
The weaknesses allowed th