A new, sinister ransomware is sweeping the web. Dark Power, a nascent worldwide ransomware threat group, has already stolen the personally identifiable information of 10 people in its first month of operations, and has threatened to publish that private information if its ransom demands are not met.
The ransom demands so far have hovered around $10K.
Origins of Dark Power
This up-and-coming malware is often associated with organized crime, but it can also be used by individuals or groups for political or financial gain. As the use of Dark Power continues to increase, organizations need to take steps to protect themselves from the potential damage caused by ransomware attacks and other malicious activities associated with it.
Once ransomware has been installed on a computer, the user is locked out of their system and asked to pay up to hundreds of thousands of dollars to have their data restored. In comparison, Dark Power seems downright kind for only asking for $10K!
Just kidding. Even a $1 ransom is too much to pay for your own data.
What’s more: Dark Power was written in Nim, a programming language that is becoming increasingly popular among thieves due to its speed and efficiency in dispersing ransomware. As such, Dark Power has become a major threat for businesses and individuals alike, as it can cause significant financial losses if not dealt with quickly.
What to Do If Your Data is Ransomed
Would you be tempted to pay the ransom? You should know that that doesn’t guarantee your data gets returned—in fact, only 8% ever see their data again.
Even if the cybercriminal does decrypt your files as promised, they might charge you a second fee to stop them from releasing that information to the public. This is known as double extortion.
Instead of losing money, follow these steps:
- Disconnect the machine. The infection can spread through the local network to other systems.
- DO NOT pay the ransom. Report the infection to I.T., the authorities, and other stakeholders with a vested interest, such as your insurance company, and start proper incident response protocols.
- Ensure backup & recovery systems are ready so business can continue as usual. Backup and disaster recovery systems should be checked regularly to confirm they are working as intended, so you can recover within your Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
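As an added example (not part of the original article), the Python sketch below shows one way to run the regular backup check from the last step: for each system it picks the newest restore-tested backup taken before the incident and compares it against the RPO and RTO. The catalog entries, system names, targets and incident time are all constructed for illustration.

```python
from datetime import datetime

# Constructed sample data: a backup catalog with restore-test results.
BACKUPS = [
    {"system": "fileserver", "finished": "2024-03-10T02:00", "restore_ok": True, "restore_minutes": 95},
    {"system": "database", "finished": "2024-03-08T01:00", "restore_ok": True, "restore_minutes": 60},
    {"system": "database", "finished": "2024-03-10T13:00", "restore_ok": False, "restore_minutes": None},
    {"system": "mailserver", "finished": "2024-03-10T06:00", "restore_ok": True, "restore_minutes": 300},
    {"system": "mailserver", "finished": "2024-03-10T15:00", "restore_ok": True, "restore_minutes": 200},
]
# Hypothetical per-system objectives.
OBJECTIVES = {
    "fileserver": {"rpo_hours": 24, "rto_minutes": 240},
    "database": {"rpo_hours": 4, "rto_minutes": 120},
    "mailserver": {"rpo_hours": 12, "rto_minutes": 180},
    "hr-laptop": {"rpo_hours": 24, "rto_minutes": 480},
}
INCIDENT = datetime.fromisoformat("2024-03-10T14:00")  # constructed infection time

def assess(backups, objectives, incident_time):
    """Return {system: [problems]}; an empty list means both objectives are met."""
    findings = {}
    for system, goal in objectives.items():
        # Assumption: backups finished after the infection may already hold
        # encrypted files, and a backup that failed its restore test is unusable.
        usable = [
            (datetime.fromisoformat(b["finished"]), b) for b in backups
            if b["system"] == system and b["restore_ok"]
            and datetime.fromisoformat(b["finished"]) < incident_time
        ]
        problems = []
        if not usable:
            problems.append("no restore-tested backup from before the incident")
        else:
            finished, newest = max(usable, key=lambda pair: pair[0])
            lost_hours = (incident_time - finished).total_seconds() / 3600
            if lost_hours > goal["rpo_hours"]:
                problems.append(f"RPO missed: {lost_hours:.0f}h of data at risk, target {goal['rpo_hours']}h")
            if newest["restore_minutes"] > goal["rto_minutes"]:
                problems.append(f"RTO missed: restore took {newest['restore_minutes']} min, target {goal['rto_minutes']} min")
        findings[system] = problems
    return findings

if __name__ == "__main__":
    for system, problems in assess(BACKUPS, OBJECTIVES, INCIDENT).items():
        print(system, "OK" if not problems else "; ".join(problems))
```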
You should always report the breach to those whose information may have been discovered!
Ransomware has been at the top of our threat radar for several years now. The steady emergence of new, powerful threats remains proof that this kind of cyber-attack is not waning in popularity. Vigilance, and an understanding of how these threats come in and what they look like, can protect you from making rash decisions in a disaster. Familiarize yourself with your company’s recovery action plan!
Keep an eye out for suspicious messages or activity, and report ransomware and other malware immediately!