Sophos, the multinational data security firm, has found a new variant of ransomware dubbed Memento that exhibits new traits rather than just locking down files after stealing a portion of data.
Researchers have found that Memento ransomware carries out the usual encryption process after stealing a portion of data. However, if the content cannot be encrypted, it just locks down the files with a password and stores them in an archival folder until a ransom of $1 million in Bitcoin is paid.
Going by the details, the attack was first discovered in April this year, when the threat actors targeted a VMware vSphere machine through a vulnerability that let them establish a foothold in the network by May 2021.
Then, in October 2021, they attacked the machine with the file-encrypting malware, after which the remaining files that could not be encrypted were compressed and locked with a password using the WinRAR tool.
Interestingly, the attack was neutralized by the IT staff of the company, who then recovered the locked data via software. However, the bad news is that the same flaw was used by two other threat actors, who then dropped cryptocurrency miners onto the same compromised server.
Strategically deploying layered security protection and using anti-ransomware technology to protect the data are the only two ways to protect a network from being encrypted by hackers.