12 May, 2020
Targeted Ransomware Attack Panics The Taiwanese Organizations

The world is changing fast, especially due to the recent COVID-19 pandemic. Leading organizations plan to leave China over its role in the spread of the pandemic. So far, quite a few organizations have declared their move to Taiwan, and it is here that the incident has hit.

Reports claim that most Taiwanese companies have been hit severely by a targeted Ransomware attack that is sure to create panic among the companies and their new clients that plan to leave China. Experts have named this Ransomware ColdLock. They consider the attack severe because it targets databases and email servers for encryption. According to sources, the attack was noticed in early May, when companies started complaining about email hacks. Based on the distinctive characteristics of the Ransomware, experts see similarities to earlier Ransomware families named LockerGoga, Freezing, and EDA2.

Speaking to news reporters, the executive says, "We do not have any idea about the initial vector of the threat. However, we believe that the hackers got access to the database and email servers of the targeted companies. The problems started out of ignorance when the users downloaded the Ransomware on their systems and ran them to complete the process." "Our experts have found that the said malicious program performs some routine tasks before it affects the databases. Apart from checking the Windows settings, it also checks the availability of %System Root%\ProgramData\readme.tmp, in the database," added the executive.

The Ransomware encrypts a target only if the following conditions are met:

  1. The number of files in the directory is less than 100.
  2. The last write date of the directory is after January 01, 2018.
  3. The directory name does not contain certain strings, including .git, appdata, cache, image, lib, log/logs, Microsoft, res/resource, script, temp, theme, thirdparty, third_party.
  4. Once the third condition is met, the Ransomware encrypts all the files except those with a few extensions, including .avi, .dll, .gif, .iso, .mkv, .mp3, .wmv, .msi, .ocx, .m2ts, .mov, etc.
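
The four conditions above can be turned into a read-only exposure audit that shows which directories and files on a share fall inside the described criteria, so backups and monitoring can be prioritized there. This is an added example, not code from the article or from any vendor report; the function names, the substring matching of directory names, the use of the directory's own modification time as the "last write date", and the sample tree are assumptions.

```python
import os
from datetime import datetime

MAX_FILES = 100                          # condition 1: fewer than 100 files
WRITE_CUTOFF = datetime(2018, 1, 1)      # condition 2: last write after this date
# Condition 3 strings; "log" and "res" also cover "logs" and "resource".
SKIP_DIR_STRINGS = (".git", "appdata", "cache", "image", "lib", "log", "microsoft",
                    "res", "script", "temp", "theme", "thirdparty", "third_party")
# Condition 4 extensions (the article's list ends with "etc.", so it is partial).
SKIP_FILE_EXTS = {".avi", ".dll", ".gif", ".iso", ".mkv", ".mp3", ".wmv",
                  ".msi", ".ocx", ".m2ts", ".mov"}

def dir_in_scope(path):
    """True if a directory meets conditions 1-3 as described in the article."""
    name = os.path.basename(os.path.normpath(path)).lower()
    if any(s in name for s in SKIP_DIR_STRINGS):   # assumption: substring match
        return False
    n_files = sum(1 for e in os.scandir(path) if e.is_file())
    if n_files >= MAX_FILES:
        return False
    # Assumption: "last write date" is the directory's own modification time.
    return datetime.fromtimestamp(os.stat(path).st_mtime) > WRITE_CUTOFF

def exposed_files(path):
    """Files in a directory that condition 4 would not exempt."""
    return sorted(e.name for e in os.scandir(path) if e.is_file()
                  and os.path.splitext(e.name)[1].lower() not in SKIP_FILE_EXTS)

def exposure_report(root):
    """Map each in-scope directory under root to its exposed files."""
    report = {}
    for dirpath, _dirs, _files in os.walk(root):
        if dir_in_scope(dirpath):
            files = exposed_files(dirpath)
            if files:
                report[os.path.relpath(dirpath, root)] = files
    return report

def build_sample_tree(root):
    """Constructed sample data: four directories, one per condition exercised."""
    layout = {"finance": ["ledger.xlsx", "intro.mp3"], "cache": ["index.db"],
              "archive": ["old.doc"], "bulk": [f"f{i}.txt" for i in range(100)]}
    for d, names in layout.items():
        os.makedirs(os.path.join(root, d))
        for n in names:
            open(os.path.join(root, d, n), "w").close()
    old = datetime(2017, 6, 1).timestamp()
    os.utime(os.path.join(root, "archive"), (old, old))  # last write before cutoff
```

On the constructed tree, only `finance/ledger.xlsx` is reported: `cache` is excluded by name, `archive` by its write date, `bulk` by its file count, and `intro.mp3` by its extension.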

At ISOEH, our experts believe that such attacks can be avoided by monitoring the databases every day. We check and monitor for security threats almost every day so that the threats become more noticeable. Our team of experts understands the techniques that fraudsters use to complete their tasks. We apply the best initiatives and techniques to safeguard those areas and protect them against all threats.

At ISOEH, we encourage our clients to keep their databases and email servers safe by hiring good hackers who do not do any harm to their data. Instead, we protect your data from getting mishandled.
