Cybersecurity, Gaming, and Ransomware
All is well here at Woesnotgone Meadow, where everyone has above average bandwidth.
In the Meadow, we certainly play video games. Sometimes by ourselves, other times with our children or grandchildren. We play the racing games, zombie games, and many others. We expect to have a great time with this. What we don’t expect is to be a victim of ransomware.
Ransomware
The new ransomware, Anatova, has been detected. This was originally detected by McAfee. The research indicates this was released on January 1, 2019. The ransomware has been noted as infecting others in a private peer to peer networks. This has been analyzed. The ransomware curiously was engineered to be modular in nature. This allows the ransomware to be updated for new functions. This also makes the ransomware more difficult to detect. While this is the case, it has been detected across the globe in Belgium, Germany, France, and the UK, among other European countries.
Code
This version of ransomware was engineered with a slight twist. This does encrypt files just like the other ransomware tools already do. This ransomware also checks for connected network shares, and then encrypts those files.
It is not known who or what group coded this ransomware. Curiously, the malware does not infect systems located in Syria, Egypt, Morocco, Iraq, and India.
How it Works
This uses an old social engineering trick/method. Anatova has an icon of a game or application. This fools the user into believing they will be double clicking on the game. Post-double click, the system shows a request for admin rights. If the user just clicks this for convenience or believes this is a requirement, their (not-so much) fun begins.
This encrypts their system and files, on the PC and servers. The ransomware uses a strong encryption, using a pair of RSA keys. The malware retrieves the username of the logged in party and/or active user. These names are compared with default usernames used with sandboxes. If this is found, the ransomware will not work.
Demands
Once the infection is in place and the user has the “uh-oh” moment, the system notifies the user of the ransomware. The system then demands a payment to unlock the files, just as with the other ransomware samples.
Lessons
This is another example of the additional training needed by the staff. There are very limited occasions when downloading a game is required at work. The equipment really should be used for work.
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest encryption.
Resources
Allen, D. (2019, January 23). Anatova is a nasty new ransomware that targets gamers. Retrieved from https://www.techradar.com/news/anatova-is-a-nasty-ransomware-that-targets-gamers
Bhatnagar, V. (2019). Anatova ransomware is targeting gamers. Retrieved from http://www.hackbusters.com/news/stories/4297915-anatova-ransomware-is-targetting-gamers
Digital Trends. (n.d.). Latest ransomware targets gamers with a malicious sophistication. Retrieved from https://www.digitaltrends.com/computing/anatova-ransomware-targets-gamers-malicious/
EHacking News.(2019, January 26). Anatova ransomware is targeting gamers. Retrieved from http://www.ehackinghews.com/2019/01/anatova-ransomware-is-targeting-gamers.html
Fire-Ball Cyber Security. (2019, January 26). Anatova ransomware is targeting gamers. Retrieved from https://fireballcybersecurity.blogspot.com/2019/01/anatova-ransomware-is-targeting-gamers.html
Palmer, D. (2019, January 24). New ransomware poses as gamers and software to trick you into downloading it. Retrieved from https://www.zdnet.com/article/new-ransomware-poses-as-gamers-and-software-to-trick-you-into-downloading-it/
Salim, S. (2019, January 25). Alert: Ransomware found in free games and software. Retrieved from https://www.digitalinformationworld.com/2019/01/anatova-ransomware-targeting-gamers-skilled-hackers.html
Scammell, R. (2019, January 23). Watch out for anatova, a new ransomware targeting gamers. Retrieved from https://www.verdict.co.uk/anatova-ransomware-gamers/
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.