Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

SnapMC Hackers Skip File Encryption And Just Steal Your Files

SnapMC Hackers Skip File Encryption And Just Steal Your Files

A new actor tracked as SnapMC has emerged in the cybercrime space, performing the typical data-stealing extortion that underpins ransomware operations, but without doing the file encryption part.

File encryption is considered a core component of ransomware attacks, as it’s the very element that brings operational disruption to the victim.

Data exfiltration for purposes of double extortion came later as an additional form of leverage against a victim, but always took a back seat to the mayhem caused by an encrypted network

Soon, ransomware actors realized the power of this approach as many companies could restore the corrupted files from backups, but couldn’t possibly revert the file-stealing event and its consequences.

Researchers at NCC Group have been tracking a new adversary which they call SnapMC, named after the rapid strike approach the group follows, who enter networks, steal files, and deliver extortion emails in under 30 minutes.

Also Read: Practitioner Certificate In Personal Data Protection: Everything You Need To Know

Targeting known vulnerabilities

The SnapMC gang uses the Acunetix vulnerability scanner to find a range of flaws in a target’s VPN and web server apps, and then successfully exploits them to breach the corporate network.

The most exploited flaws observed in the actor’s initial access efforts include the PrintNightmare LPE, remote code execution in Telerik UI for ASPX.NET, and also various SQL injection opportunities.

The actors use SQL database exportation scripts to steal the data, while the CSV files are compressed with the 7zip archive utility prior to exfiltration. Once everything is neatly packed, the MinIO client is used for sending the data back to the attacker.

Considering that SnapMC leverages known vulnerabilities that have already been patched, updating your software tools would be a good way to defend against this rising threat

As NCC Group points out in its report, even if an organization uses a vulnerable version of Telerik, putting it behind a well-configured Web Application Firewall would render any exploitation efforts futile.

Also Read: The DNC Singapore: Looking At 2 Sides Better

Paying is risky

In data exfiltration extortion attacks, meeting the threat actor’s demands by paying a ransomware, guarantees nothing. On the contrary, it could give the hackers an incentive to attempt further extortion in the future.

It is also possible that even if a victim pays a ransom, their data may end up sold on criminal marketplaces or hacker forums as an additional way of generating revenue for the attackers.

Ransomware negotiation firm Coveware, strongly advises its clients never to pay a ransom to prevent stolen files from being leaked to the public.

During negotiation cases in the past, victims have paid a ransom and their data was stll leaked or no proof of deletion was ever provided.

  • Sodinokibi: Victims that paid were re-extorted weeks later with threats to post the same data set.
  • Netwalker: Data posted of companies that had paid for it not to be leaked
  • Mespinoza: Data posted of companies that had paid for it not to be leaked
  • Conti: Fake files are shown as proof of deletion

Due to this, victims should automatically assume that their data has been shared with other threat actors and that it will be used or leaked in the future, regardless of whether they paid a ransom.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us