Ransomware is a highly destructive form of malware, but it turns out that it can also provide the perfect cover for disk wiping malware.
The pitfalls of becoming a victim of ransomware are well documented. And, as such, the term ransomware is one that strikes fear into the heart of any PC user. But, at the very least, ransomware does give you an option of getting your files back. Naturally, you have to pay a ransom fee for the files to be decrypted, but you can get them back. However, a form of malware called Apostle has now been discovered which pretends to be ransomware when, in fact, it simply wipes your disk drive beyond retrieval.
Data is a crucial commodity in any organization, so it’s important you make it as secure as possible. And one of the perfect ways to do this is by understanding how Apostle works.
How Does Apostle Wipe Disks?
The Apostle malware is believed to originate from Iran and is related to a previous wiper malware called Deadwood. Apostle is not brand new as it has been in the digital wild for some time. But these initial versions of Apostle were flawed and failed to deliver their malicious payload. Since then, the designers of Apostle have tweaked its design to make it more effective. This contemporary version of Apostle presents itself as standard ransomware, but this is merely to throw the victims off guard; its true intent is to destroy data and cause disruption.
The hackers behind Apostle are particularly cunning and are also happy to take ransom payments while destroying the data in question. But this is not where the attack ends. There are signs that Apostle is being used in conjunction with a backdoor attack called IPSec Helper. This allows the hackers to download and execute additional malware and move, undetected, within infected networks. Again, the intention here is to cause disruption.
How Do You Stop Your Disk Being Wiped?
The focus of Apostle, so far, has been Israeli targets, but this does not mean it should be considered a low-level threat. The design of this disk wiper malware can easily be engineered into more virulent and dangerous forms. And this could easily strike at the heart of your business’ operations. Therefore, it’s crucial that you maintain the following practices:
- Evaluate All Attachments Before Opening: It’s likely that you receive numerous email attachments through the day, but how often do you verify them before opening? Trusted email addresses can, very easily, be taken over or even replicated. And this provides the perfect route for infected files to be opened. So, if in doubt over whether an attachment is safe, always check with an IT professional before opening.
- Train Your Staff on Social Engineering Attacks: The dangers of social engineering are very real and represent a simple way for hackers to get a foothold in your network. Understanding this threat and how to protect yourself against it is vital.
- Keep Your Software Updated: Another sure-fire way for hackers to gain access to your network is through vulnerabilities caused by outdated software. The best way to counter this threat is by implementing software updates as soon as possible. This minimizes the presence of vulnerabilities and keeps hackers out.
For more ways to secure and optimize your business technology, contact your local IT professionals.