Kaspersky Lab noted that the new attacks differ from cyberattacks using encryption viruses in that the scammers do not use specially created malware, but the standard BitLocker Drive Encryption technology included in the Windows operating system. Several Russian companies have been hit by ransomware attacks that have blocked access to corporate data and demanded a ransom.
The company explained that scammers get into the corporate network with the help of phishing emails that are sent on behalf of different companies in order to obtain user data or vulnerabilities in the system. After that, they find the BitLocker function in the control panel, perform encryption, and assign themselves the keys, usernames, and passwords that this program generates.
As the company said, as soon as the scammers get access to the server, which contains information about all corporate devices, they can completely encrypt the IT infrastructure of the organization.
Sergey Golovanov, the chief expert at Kaspersky Lab, explained that it is now difficult to estimate the actual number of attacks since the attackers use standard operating system tools.
"At this stage, we can assume that this is not a targeted campaign: the attacked companies are not similar both in size and in areas of activity," the expert said. According to Mr. Golovanov, scammers make phishing emails without taking into account the specifics of the enterprise and are widespread.
Earlier, Kaspersky Lab recorded hacker attacks on ten Russian financial and transport companies using a previously unknown Quoter ransomware program, as well as phishing emails with a banking Trojan program. The hackers sent out phishing emails with topics such as "Request for refund" or "Copies of Last Month's documents". As soon as the recipient clicked on the link or opened the attachment, a malicious RTM Trojan was downloaded to their device.
