Episode 169: Ransomware comes to the Enterprise with PureLocker

The Security Ledger Podcasts show

Summary: In this episode of the podcast, <a href="http://bit.ly/PureVPN-SponsoredAd">sponsored by PureVPN</a><a href="#sponsor">*</a>, Michael Kajiloti of the firm Intezer Labs joins us to talk about the origins and makeup of PureLocker, a new family of ransomware designed to target production servers in the enterprise.

Ransomware attacks are making headlines all over the world, as the malicious, file-encrypting software wreaks havoc everywhere from <a href="https://www.nj.com/essex/2019/11/nj-school-districts-payroll-still-down-after-ransomware-attack.html">school districts</a> in small-town America to <a href="https://www.cisomag.com/rouen-hospital-ransomware-attack/">hospitals in France</a> and beyond.

Up to now, ransomware attacks have followed a pattern: attackers target organizations indiscriminately using phishing email campaigns and malicious websites. For those unfortunate enough to click a malicious link or open a malicious email attachment, the punishment is swift and severe: the ransomware crawls their network, finding, infecting and encrypting every hard drive it can reach.

<a href="https://www.linkedin.com/in/michael-kajiloti-8894b750/">Michael Kajiloti</a> is a security researcher at the firm Intezer.

Ransom fit for the Enterprise

But as the ransomware plague continues unabated, new variants of ransomware are emerging: less noisy and more particular about the organizations and systems they will infect.
One example of this is the <a href="https://www.intezer.com/blog-purelocker-ransomware-being-used-in-targeted-attacks-against-servers/">recently discovered PureLocker malware</a>: a new ransomware variant identified by researchers at IBM X-Force and the Israeli firm Intezer. Unlike other common ransomware, PureLocker is shy and retiring by comparison: programmed to run only on production servers deployed in the enterprise, and only under conditions most favorable to the malware's spread.

Sold as a service, the new ransomware is difficult to detect. Under the hood, it bears a striking resemblance to malware used by hacking groups like <a href="https://attack.mitre.org/groups/G0037/">FIN6</a> and the <a href="https://attack.mitre.org/groups/G0080/">Cobalt Gang</a>, and it has been linked to the same malware-as-a-service group.

What does this mean about the evolution of the ransomware problem and the types of companies and assets that may be targeted?

To find out, we invited <a href="https://www.linkedin.com/in/michael-kajiloti-8894b750/">Michael Kajiloti</a>, a security researcher at Intezer, which discovered the malware together with IBM X-Force, into the Security Ledger studios to discuss PureLocker and how clues in the ransomware code helped researchers understand where it came from.<a name="sponsor"> </a>

(*) Disclosure: This podcast and blog post were <a href="https://www.purevpn.com/order?utm_source=Website&amp;utm_medium=Security_Ledger&amp;utm_campaign=PureVPN_SL">sponsored by PureVPN</a>.
For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out <a href="https://securityledger.com/about-security-ledger/">our About Security Ledger ...</a>