Ransom-based malware attacks specific companies

Low ransom request and a self-termination date on the code suggest this is a test attack.

Various security companies are today reporting targeted attacks made on Fortune 1000 companies over the weekend. What's notable is that documents within each of the affected companies were stolen and encrypted, and the companies were then offered a decryption key for a fee. What's odd is that the amount requested as ransom was a mere $300.

Reuters reports companies hit by the attack include Booz Allen, Unisys, Hewlett-Packard and Hughes Network Systems. Security vendors report having identified hundreds more.

The attack works like this. Malware writers target a handful of companies, somehow manage to sneak their code past the corporate antivirus protection, then encrypt what the attackers consider to be significant documents. It's unclear whether the attackers have, and are otherwise using, the information in the encrypted documents. The attackers then send the companies a note explaining that the documents are locked with RSA-4096. The ransom aspect of this attack tends to disguise the fact that companies were compromised in the first place.

Analysis by antivirus vendor Kaspersky finds no trace of RSA-4096 and suggests a weaker form of encryption was used instead. Also, the initial malware used to harvest and encrypt the files has a self-termination date of July 17th, suggesting this was a test run for something larger. Perhaps that's why they're only demanding $300.