The name Phoenix CryptoLocker may sound familiar: on March 21, 2021, the insurer CNA suffered a sophisticated cyberattack by this ransomware that caused a network outage and affected several CNA systems, including corporate email. The attackers encrypted more than 15,000 devices on its network.

Based on the alleged connection to the Evil Corp threat group, initial network access is believed to come via Remote Desktop Protocol (RDP) or through compromised credentials used to reach VPS hosts. The ransomware poses as legitimate software: the executable is signed with a digital certificate issued to “Saturday City Limited”, and the victim is tricked into launching it. A valid code signature is not evidence that a binary is benign; it only means someone obtained a certificate under that name.

Once the ransomware runs, it enumerates the system's folders and directories looking for files with targeted extensions, encrypts those files, appends a “.phoenix” extension to each encrypted file and, like all ransomware, drops a ransom note.
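Responders triaging a host want a quick, offline way to size up the damage. The following Python script is an added example written for this page; it is not the malware's code and not from the original post. It relies only on the one indicator the post gives, the trailing “.phoenix” extension, and constructs its own sample directory tree to run against. The ransom-note filename and the list of targeted extensions are not stated here, so the script makes no assumptions about them; instead it recovers the extension each file had before encryption and reports which directories were hit.

```python
"""Triage helper: find files encrypted by Phoenix CryptoLocker on a host.

Added example, not code from the original post or from the malware. The only
indicator it uses is the one the post describes: encrypted files keep their
original name and gain a trailing ".phoenix" extension. The sample tree built
by build_sample_tree() is constructed data for demonstration.
"""
import os
import tempfile
from collections import Counter
from pathlib import Path

PHOENIX_SUFFIX = ".phoenix"


def is_phoenix_victim(path: Path) -> bool:
    """True if the path is a regular file whose name ends in .phoenix (any case)."""
    return path.is_file() and path.name.lower().endswith(PHOENIX_SUFFIX)


def original_extension(name: str) -> str:
    """Extension the file had before encryption.

    'report.docx.phoenix' -> '.docx'; 'README.phoenix' -> '' (no extension).
    The .phoenix suffix is stripped case-insensitively.
    """
    if name.lower().endswith(PHOENIX_SUFFIX):
        name = name[: -len(PHOENIX_SUFFIX)]
    return Path(name).suffix.lower()


def scan_tree(root: Path) -> dict:
    """Walk `root` and summarise Phoenix-encrypted files.

    Returns a dict with:
      victims        - sorted list of encrypted file paths, relative to root
      by_extension   - Counter of pre-encryption extensions ('' = none)
      affected_dirs  - sorted list of directories holding at least one victim
    """
    victims, by_ext, dirs = [], Counter(), set()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if is_phoenix_victim(p):
                victims.append(str(p.relative_to(root)))
                by_ext[original_extension(name)] += 1
                dirs.add(str(Path(dirpath).relative_to(root)))
    return {
        "victims": sorted(victims),
        "by_extension": by_ext,
        "affected_dirs": sorted(dirs),
    }


def build_sample_tree() -> Path:
    """Constructed sample data: a small tree mixing encrypted and untouched files."""
    root = Path(tempfile.mkdtemp(prefix="phoenix-triage-"))
    files = {
        "Documents/report.docx.phoenix": b"\x00" * 64,     # encrypted
        "Documents/budget.xlsx.phoenix": b"\x00" * 64,     # encrypted
        "Documents/notes.txt": b"plain text, untouched",   # not encrypted
        "Pictures/holiday.jpg.PHOENIX": b"\x00" * 64,      # encrypted, odd case
        "Pictures/README": b"no extension at all",         # not encrypted
        "Windows/System32/kernel32.dll": b"MZ...",         # untouched system file
    }
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    summary = scan_tree(sample_root)
    print(f"{len(summary['victims'])} encrypted files in {summary['affected_dirs']}")
    for ext, count in summary["by_extension"].most_common():
        print(f"  {ext or '(none)'}: {count}")
```

Run it against a mounted image or a live host's data directories rather than the whole disk; the pre-encryption extension histogram is a cheap way to confirm which file types the sample actually targeted on that host, and the affected-directory list tells you which shares and users to scope for recovery from backup.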

Phoenix CryptoLocker is believed to be a new ransomware family operated by Evil Corp, based on similarities with the group's earlier code. Evil Corp has historically deployed WastedLocker ransomware against compromised organizations. After the US government sanctioned the group in 2019, most ransomware negotiation and recovery firms stopped facilitating WastedLocker ransom payments to avoid fines or legal action, which gives the group a reason to operate under a new name.

The attack on CNA could have a knock-on impact on other companies, especially CNA's cyber insurance policyholders. Attacking companies that hold cyber insurance is often profitable for ransomware gangs, because insurers are more likely to pay the ransom, and there could be no better way to build a list of insured companies to target than to break into an insurer's network and steal information about its clients' policies.

The best defences against these threats are:

Grant every user only the minimum level of access and permissions they need

Isolate infected machines from the network as soon as they are identified

Maintain offline or otherwise isolated backups of all data and test that they restore

Replace all credentials with strong, unique ones, starting with any accounts exposed over RDP or VPN

Keep antivirus, prevention and detection tools up to date

Use multi-factor authentication for all accounts, and in particular for remote access

Also check:
CryptoLocker – Unexpected Ransomware
History of Ransomware and how it has evolved

