In addition to the coronavirus outbreak that’s sweeping across Europe, the French government also appears to have a wave of ransomware to deal with.
The French government’s cybersecurity team, CERT-FR, was the first agency to sound the alarm. The security agency explained that a gang of ransomware attackers is targeting several local government networks in the country. According to CERT-FR, the hacks are now rampant, and they are carried out using the Mespinoza ransomware strain. [ZDNet]
Ransomware Attacks at the Worst Time
The Mespinoza ransomware was first spotted in October 2019 by a researcher named Amigo-A. At the time, victims explained that they suddenly found some of their computer files being marked with a .locked extension, with the documents themselves being inaccessible. A new strain was detected in December, which replaced the .locked extension with .pysa. Thus, it became known to some as the ‘Pysa ransomware.’
This particular malware has been a favored tool used against large corporations with valuable data worth millions of dollars. As the report notes, the hackers have now shifted their focus to government organizations, as multiple infection reports have now been recorded.
While the government is still searching for further details, current evidence suggests the use of brute-force attacks against management consoles and Active Directory accounts. Active Directory is Microsoft’s directory service; it runs on Windows Server and controls access and permissions to networked resources.
Several organizations told CERT-FR that they saw remnants of Batch and PowerShell scripts, as well as unauthorized Remote Desktop Protocol (RDP) connections to their domain controllers. RDP provides a user with an interface to connect to other computers on a network. The attackers also appear to have installed the PowerShell Empire penetration-testing tool to render antivirus applications ineffective.
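A defender-side check for the pattern CERT-FR describes (password guessing against Active Directory accounts followed by an RDP session on a domain controller), added here as an example that is not part of the original article or of CERT-FR's report. It assumes Security-log events exported as CSV in a made-up column order; the host names, accounts, addresses and thresholds are constructed, while event IDs 4625/4624 and logon type 10 are the standard Windows values.

```python
from datetime import datetime, timedelta

FAILED_LOGON, LOGON_OK = 4625, 4624  # Windows Security log event IDs
RDP_LOGON_TYPE = 10                  # RemoteInteractive (RDP / Terminal Services)

def parse(line):
    """Parse one line of the assumed export: time,event_id,host,account,logon_type,src_ip."""
    ts, eid, host, account, ltype, src = line.strip().split(",")
    return {"time": datetime.fromisoformat(ts), "id": int(eid), "host": host,
            "account": account.lower(), "type": int(ltype), "src": src}

def bruteforce_then_rdp(events, dcs, threshold=5, window=timedelta(minutes=10)):
    """Return RDP logons to a domain controller that were preceded by at least
    `threshold` failed logons for the same account within `window`."""
    events = sorted(events, key=lambda e: e["time"])
    findings = []
    for ev in events:
        if ev["id"] != LOGON_OK or ev["type"] != RDP_LOGON_TYPE or ev["host"] not in dcs:
            continue
        failures = [f for f in events
                    if f["id"] == FAILED_LOGON and f["account"] == ev["account"]
                    and timedelta(0) <= ev["time"] - f["time"] <= window]
        if len(failures) >= threshold:
            findings.append({"account": ev["account"], "dc": ev["host"],
                             "src": ev["src"], "time": ev["time"],
                             "failed_before": len(failures),
                             "failure_sources": sorted({f["src"] for f in failures})})
    return findings

# Constructed sample records (hypothetical hosts and accounts, RFC 5737 addresses).
SAMPLE = """\
2020-03-18T02:10:00,4625,DC01,svc-admin,3,192.0.2.44
2020-03-18T02:10:10,4625,DC01,svc-admin,3,192.0.2.44
2020-03-18T02:10:20,4625,DC01,svc-admin,3,192.0.2.44
2020-03-18T02:10:30,4625,DC01,svc-admin,3,192.0.2.44
2020-03-18T02:10:40,4625,DC01,svc-admin,3,192.0.2.44
2020-03-18T02:10:50,4625,DC01,svc-admin,3,192.0.2.44
2020-03-18T02:12:00,4624,DC01,svc-admin,10,192.0.2.44
2020-03-18T08:59:00,4625,DC01,jdupont,3,198.51.100.7
2020-03-18T09:00:00,4624,DC01,jdupont,10,198.51.100.7
2020-03-18T09:05:00,4624,FS01,svc-admin,3,198.51.100.9
"""

def run_sample():
    return bruteforce_then_rdp([parse(l) for l in SAMPLE.splitlines()], dcs={"DC01"})

if __name__ == "__main__":
    for hit in run_sample():
        print(hit)
```

The single mistyped password before the `jdupont` session and the network logon on `FS01` are not flagged; only the RDP session on `DC01` that follows six failures is.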
Canada Sees an Increased Cybersecurity Threat
Ransomware attacks have become increasingly rampant in today’s world, especially since governments seem to have become preoccupied with the COVID-19 outbreak. Reports have confirmed that ransomware attacks have surged over the past few weeks, with several countries confirming that attackers have been using the widespread fear to send emails to their victims falsely promising cures and vaccines.
Once these emails are opened, however, the contents of the computers are immediately locked.
Yesterday, Carmi Levy, director of the Canadian Info-Tech Research Group, confirmed that citizens are at a greater risk of coronavirus-themed attacks, explaining that hackers are simply taking advantage of people’s desire to get some closure or solution.
The Canadian Centre for Cyber Security also issued an alert on Thursday, pointing out that the pandemic now presents a greater risk to the country’s healthcare system.