A unique ransomware named WYSIWYE (What You See Is What You Encrypt) has been detected recently, and it differs from conventional ransomware techniques. The cyber-criminals deploy this malware to get access to the victims’ computers and then execute the corresponding malware to start encryption automatically and display the ransom message.
Analysis of a recent intrusion incident showed that the malware lets the attackers customize the attack through a user-friendly interface before launching it. With this customization, the attacker carefully selects the computer whose information will be encrypted, chooses the files, and has the malware self-delete once the encryption is completed.
Generally, the configuration of ransomware is standard everywhere. WYSIWYE ransomware is designed for more customized attacks, especially in business networks. In these attacks, the attackers gain access to various corporate networks after a severe attack against the remote desktop connection. The attackers then manually release the ransomware, run it, and configure it in numerous ways depending on the nature of the victim, deciding in detail what they wish to encrypt.
This shows how cyber-criminals keep coming up with newer ways of attacking. While we still see the typical automated attacks, it is quite visible that hacking attacks on corporate networks keep adapting. The cyber-criminals fight against all possible defenses, bypassing them one by one and changing tactics every time they are blocked.
Users who wish to avoid becoming victims of this new attack can follow this advice:
• This ransomware attack happens through Remote Desktop Protocol (RDP), so RDP should be avoided in the corporate network. If it is required, there should be a VPN in place so that users first access the internal network and only then use RDP.
• Always change the default RDP port, and block connections to that port at the corporate firewall.
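
One way to check that a firewall policy actually follows both points above, as an added example that is not part of the original article: it flags allow rules that let a source outside the VPN reach an RDP port. The rule format, the VPN pool 10.8.0.0/24, the custom port 43389 and first-match-wins evaluation are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample policy. Assumptions: rules are evaluated top-down,
# first match wins, and each rule is (action, source CIDR, dest port or None=any).
VPN_NET = ipaddress.ip_network("10.8.0.0/24")  # hypothetical VPN client pool
RDP_PORTS = {3389, 43389}                      # default port + hypothetical custom port
RULES = [
    ("allow", "10.8.0.0/24", 43389),     # RDP for VPN users (intended path)
    ("deny", "0.0.0.0/0", 3389),         # default RDP port blocked everywhere
    ("allow", "0.0.0.0/0", 443),
    ("allow", "203.0.113.0/24", 43389),  # forgotten exception to the moved port
    ("deny", "0.0.0.0/0", None),
]


def port_matches(rule_port, port):
    """A rule with port None applies to every destination port."""
    return rule_port is None or rule_port == port


def rdp_exposures(rules, rdp_ports, vpn_net):
    """Return (rule index, source, port) for each allow rule that lets a
    non-VPN source reach an RDP port and is not shadowed by an earlier rule."""
    findings = []
    for idx, (action, src, rule_port) in enumerate(rules):
        if action != "allow":
            continue
        src_net = ipaddress.ip_network(src)
        if src_net.subnet_of(vpn_net):
            continue  # RDP reached through the VPN is the allowed case
        for port in sorted(rdp_ports):
            if not port_matches(rule_port, port):
                continue
            # An earlier rule covering the whole source range for this port
            # decides the traffic first, so this rule never takes effect.
            shadowed = any(
                port_matches(earlier_port, port)
                and src_net.subnet_of(ipaddress.ip_network(earlier_src))
                for _, earlier_src, earlier_port in rules[:idx]
            )
            if not shadowed:
                findings.append((idx, src, port))
    return findings


if __name__ == "__main__":
    for idx, src, port in rdp_exposures(RULES, RDP_PORTS, VPN_NET):
        print(f"rule {idx}: {src} can reach RDP port {port} without the VPN")
```

In the sample policy the default port is blocked and RDP has been moved, yet the check still reports the leftover exception to the new port, which is why the port change only helps together with the firewall block.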