The new BitPyLock ransomware seems to have stepped up its game, going from targeting individual workstations to spreading across the network in a file-stealing spree. Discovered at the beginning of the month by MalwareHunterTeam, the malware has claimed new victims almost daily.
Interestingly, the ransom notes have already evolved to reflect the increasingly ambitious aims of the threat actors, who are now attempting to steal data before encrypting the machines so that they can use it as leverage to extract a payment from victims.
Tarik Saleh, malware researcher and senior security engineer at DomainTools, explained that this is a natural evolution for ransomware. “The traditional approach of encrypting your files locally, and keeping them there, has been a contained approach. Attackers are now applying more pressure to the ransomware victims by threatening to broadcast their sensitive information publicly,” he said.
The evolution of BitPyLock means that enterprises’ defensive measures should also adapt to the newly introduced threats.
“If this type of ransomware hits a C-level executive that deals with sensitive business information, then security teams have to deal with the actual data exfiltration scenario,” explained Saleh. “In those types of security incidents, not only do you bring in your legal teams but usually your public relations ones too. These can be nightmare scenarios that can result in significant financial impact to the business, and attackers know that.”