  • Chris Bratton - Tech Journalist

Startups worried about "Precursor malware": Entry point of ransomware infection

Cybersecurity teams spend long hours hardening IT systems against targeted attacks. Even so, new variants of malware, viruses and ransomware keep intensifying. Startups are worried about "precursor malware": the entry point of a ransomware infection is difficult to track, and new variants arrive at an unpredictable pace.

Among the cyber threats hunting us from every direction, malware and ransomware surely top the list. Large enterprises and organisations get their data stolen quite often, but they maintain enough backups to restore quickly after a swift clean-up. For individual users and startups, following the same strategy is much harder.

Cybersecurity startup Lumu Technologies has discussed ransomware and said it does not appear out of a vacuum: a medium is required to deliver the malicious files to the victim system. Ricardo Villadiego, CEO and founder of Lumu Technologies, called out a particular category he named "precursor malware."

Dark Reading shared insights on precursor malware as an early sign of ransomware. They said the malware spreads "literally through the networks and escalates access before deploying the ransomware payload." Lumu collected 21,820,764 indicators related to precursor-malware incidents in 2021.

Current-generation computer networks are interconnected, which makes workflows efficient and fast. That convenience carries one critical drawback: if one system is compromised, the others are easier to infect, because they are interconnected to make file sharing faster. Lumu outlined the stages of a ransomware attack and called the sequence a "flashcard." The malware follows a vicious cycle until the ransomware fully compromises the system.

Further research produced notable findings. Because companies hold critical information in their systems, including financial records and customers' private information, they are more willing to pay the ransom to recover the data.

Cybersecurity consultancy firm CyberEdge published statistics on the matter: the share of victims who paid a ransom to recover their data rose from 19.4 per cent in 2018 to 71.6 per cent in 2021. That is a steady growth in successful ransomware attacks, and statistics like these boost ransomware attackers' confidence to continue their campaigns.

Even though governments are willing to work alongside cybersecurity firms to tackle the problem, the efforts are not enough. Individual protection, cybersecurity training and frequent checks are required to break the vicious cycle of ransomware attacks.

A recent report from BleepingComputer described the losses suffered by customer relationship management (CRM) service provider Atento after a LockBit ransomware attack. When the firm published its 2021 financial year results, its performance figures showed a massive $42 million in losses attributed to the attack. In October, the firm went through an incident that cost it a considerable sum of money.

The cost includes fees for protecting data, timely threat detection, bolstering security and implementing remediation measures. Atento is one of the leading CRM business providers, especially popular in Latin America.

The cyberattack was announced on 22nd October 2021, when the company said it had to suspend operations in Brazil, where the incident took place. It took nearly 24 hours to get back to regular business and provide services to customers. Countless ransomware incidents are happening, some of which you'll find covered in Tech News Hub's Cyber News section.

As more companies pay threat groups to get their data back, they make those groups even more interested in continuing with the same dirty tactic.

The Cybersecurity and Infrastructure Security Agency (CISA), the NSA and the FBI from the US, along with the Australian Cyber Security Centre (ACSC) and the United Kingdom's National Cyber Security Centre (NCSC-UK), issued a joint advisory on ransomware attacks.

Lumu monitors over 2,000 companies at risk of ransomware and other malware attacks. Precursor malware spreads through a company's network before the ransomware payload is ever deployed.

Security personnel may notice suspicious activity when the firewall or endpoint detection and response (EDR) software flags an issue. But by the time they act on it, the precursor malware will have flooded the console with unrelated alerts. While the defenders chase those alerts, the ransomware has already spread throughout the network.
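The alert-flooding problem described above can be illustrated with a small correlation script. The following is an added example and is not code from Lumu, Dark Reading or any vendor mentioned here; it assumes a simple constructed alert-line format (timestamp, source, host, indicator, severity) and a handful of constructed sample alerts. Instead of ranking hosts by how many alerts they raise, which is what the flood of noise drives analysts toward, it looks for a single indicator quietly appearing on several distinct hosts within a short window, the spreading pattern precursor malware exhibits before the payload lands.

```python
"""Correlate firewall/EDR alerts to surface an indicator spreading across hosts.

Added example, not Lumu's or Dark Reading's code. Assumed (constructed) line format:
    <ISO timestamp> <source> host=<name> indicator=<value> severity=<level>
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

ALERT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<source>\S+) host=(?P<host>\S+) "
    r"indicator=(?P<indicator>\S+) severity=(?P<sev>\S+)$"
)

# Constructed sample alerts: a noisy burst of low-value alerts on two workstations
# (the "unrelated alerts" that crowd the console) while indicator ioc-A hops
# quietly from host to host. None of these hosts or indicators are real.
SAMPLE_ALERTS = """\
2021-10-22T08:00:01 edr host=ws-01 indicator=ioc-A severity=low
2021-10-22T08:00:02 fw host=ws-01 indicator=port-scan severity=low
2021-10-22T08:00:03 fw host=ws-01 indicator=port-scan severity=low
2021-10-22T08:00:04 edr host=ws-02 indicator=macro-doc severity=medium
2021-10-22T08:00:05 fw host=ws-02 indicator=port-scan severity=low
2021-10-22T08:00:06 fw host=ws-02 indicator=port-scan severity=low
2021-10-22T08:10:00 edr host=ws-07 indicator=ioc-A severity=low
2021-10-22T08:20:00 edr host=srv-db indicator=ioc-A severity=low
2021-10-22T08:25:00 edr host=srv-file indicator=ioc-A severity=low
2021-10-22T09:30:00 edr host=ws-03 indicator=ioc-A severity=low
"""


def parse_alerts(text):
    """Parse alert lines in the assumed format; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        alerts.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "source": m["source"],
            "host": m["host"],
            "indicator": m["indicator"],
            "severity": m["sev"],
        })
    return alerts


def alert_volume_by_host(alerts):
    """Raw alert count per host: the view that noise pushes analysts toward."""
    counts = defaultdict(int)
    for a in alerts:
        counts[a["host"]] += 1
    return dict(counts)


def lateral_spread(alerts, window=timedelta(minutes=30), min_hosts=3):
    """Indicators seen on at least `min_hosts` distinct hosts within `window`.

    Returns {indicator: sorted hosts in the window at the moment the threshold
    was first crossed}, in order of each indicator's first sighting.
    """
    by_indicator = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_indicator[a["indicator"]].append((a["ts"], a["host"]))

    findings = {}
    for indicator, sightings in by_indicator.items():
        for i, (ts, _) in enumerate(sightings):
            # Distinct hosts seen in the window that ends at this sighting.
            hosts = {h for t, h in sightings[: i + 1] if ts - t <= window}
            if len(hosts) >= min_hosts:
                findings[indicator] = sorted(hosts)
                break
    return findings


def triage(text, **kwargs):
    """Contrast the noisiest hosts with the hosts an indicator is spreading across."""
    alerts = parse_alerts(text)
    volume = alert_volume_by_host(alerts)
    noisiest = sorted(volume, key=lambda h: (-volume[h], h))[:2]
    return {"noisiest_hosts": noisiest, "spread": lateral_spread(alerts, **kwargs)}


if __name__ == "__main__":
    result = triage(SAMPLE_ALERTS)
    print("Noisiest hosts:", result["noisiest_hosts"])
    for indicator, hosts in result["spread"].items():
        print(f"Indicator {indicator} spreading across: {', '.join(hosts)}")
```

On the constructed sample the two noisiest hosts are the workstations generating port-scan alerts, while the indicator that is actually spreading (ioc-A) crosses the three-host threshold on hosts that barely register in the volume view, which is the gap the article describes. The window and host threshold are tuning knobs; a real deployment would feed in normalised alerts from the SIEM rather than this inline text.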

Lumu's CEO said, "It's hard to find something that we're not looking for", and advised companies to assume their systems are breached at all times.
