Among all the threats that can affect our devices, ransomware is undoubtedly one of the most significant. As we know, it can encrypt our systems and devices, leaving every stored file unrecoverable and costing us all of our information. In this article we look at Pay2Key, a new threat capable of encrypting an entire network in just one hour.
Pay2Key, the ransomware that encrypts the network in an hour
This is one of the many ransomware families circulating on the Internet. What sets Pay2Key apart is that it can encrypt a network in a very short time. A report by Check Point indicates that the attackers behind this threat most likely use Remote Desktop Protocol (RDP) to gain access to the victims' computers.

First, the intruders gain a foothold in the victim's network. From there they quickly begin encrypting systems, and in less than an hour they can spread the ransomware across the whole network.
Once inside, the attackers set up a pivot device that acts as a proxy for all communications between the infected computers and the command-and-control servers.
By routing that traffic through a single device, they reduce the chance of being detected before they have encrypted every reachable system on the network.
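A pivot device of the kind described above leaves a recognisable shape in network flow data: one internal host receives connections from many internal peers on an unusual port and is also the only one of them talking to an external address. The following is an added example of a defender-side heuristic over such records; it is not from the article or from Check Point's report. The flow records, the 10.0.0.0/8 internal range and the 203.0.113.7 stand-in for the C2 address are all constructed, and the threshold and allow-listed ports are assumptions to tune for a real network.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal address space (constructed for this example).
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Constructed sample flow records: (source, destination, destination port).
# 10.0.1.50 is fed by four internal hosts on 8443 and is the only host with
# egress to an external address (203.0.113.7 is a documentation-range stand-in).
SAMPLE_FLOWS = [
    ("10.0.1.11", "10.0.1.50", 8443),
    ("10.0.1.12", "10.0.1.50", 8443),
    ("10.0.1.13", "10.0.1.50", 8443),
    ("10.0.1.14", "10.0.1.50", 8443),
    ("10.0.1.50", "203.0.113.7", 443),
    ("10.0.1.11", "10.0.1.5", 445),      # ordinary SMB to a file server
    ("10.0.1.12", "10.0.1.5", 445),
    ("10.0.1.20", "10.0.1.21", 3389),    # an ordinary RDP session
]

# Ports where fan-in from many hosts is normal (AD, SMB, DNS, RDP); assumed list.
ALLOWLISTED_PORTS = {53, 88, 135, 389, 445, 3389}


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_pivot_candidates(flows, min_peers=3, allowlisted_ports=ALLOWLISTED_PORTS):
    """Return internal hosts that both aggregate internal connections on a
    non-allow-listed port and have their own external egress."""
    egress = defaultdict(set)          # internal host -> external destinations
    inbound_peers = defaultdict(set)   # (internal host, port) -> internal sources
    for src, dst, port in flows:
        if is_internal(src) and not is_internal(dst):
            egress[src].add(dst)
        elif is_internal(src) and is_internal(dst) and port not in allowlisted_ports:
            inbound_peers[(dst, port)].add(src)

    candidates = []
    for (host, port), peers in inbound_peers.items():
        if len(peers) >= min_peers and host in egress:
            candidates.append({
                "host": host,
                "port": port,
                "internal_peers": len(peers),
                "external_destinations": sorted(egress[host]),
            })
    return candidates


if __name__ == "__main__":
    for hit in find_pivot_candidates(SAMPLE_FLOWS):
        print(hit)
```

The file server on 445 is deliberately ignored because fan-in on allow-listed service ports is expected; the heuristic only fires when fan-in on an unusual port coincides with egress from the same host, which is exactly the proxy role the pivot plays.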

Ransom to regain control
As we have noted, ransomware encrypts files or devices and then demands a ransom in return; the goal is to profit from the attack. Pay2Key is no exception.
The attackers demand a ransom to restore control of the computers on the affected network. To deploy the ransomware they use Microsoft's PsExec tool to remotely run payloads named Cobalt.Client.exe.
Once the ransomware has run successfully, it displays a ransom note. That is when the victim sees the amount to pay and the process to follow to regain control.
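Remote execution through PsExec is noisy on the target: it installs the PSEXESVC service (Windows System log event 7045) and the payload then runs as a child of PSEXESVC.exe (Security log event 4688 when process auditing is enabled). The following is an added detection example, not code from the article or the report, that runs those checks over constructed key=value event lines; the field names are a simplified stand-in for real log schemas, and the payload name comes from the article.

```python
import re

# Constructed sample events in a simplified key=value form modelled on Windows
# System (7045, service installed) and Security (4688, process created) records.
SAMPLE_EVENTS = [
    'host=WS01 channel=System event_id=7045 service_name=PSEXESVC image=%SystemRoot%\\PSEXESVC.exe',
    'host=WS01 channel=Security event_id=4688 new_process=C:\\Windows\\PSEXESVC.exe parent=C:\\Windows\\System32\\services.exe',
    'host=WS01 channel=Security event_id=4688 new_process=C:\\Windows\\Cobalt.Client.exe parent=C:\\Windows\\PSEXESVC.exe',
    'host=WS02 channel=Security event_id=4688 new_process=C:\\Windows\\System32\\notepad.exe parent=C:\\Windows\\explorer.exe',
    'host=WS03 channel=System event_id=7045 service_name=PSEXESVC image=%SystemRoot%\\PSEXESVC.exe',
]

KV = re.compile(r"(\w+)=(\S+)")

# Payload file name reported for Pay2Key; compared case-insensitively.
PAYLOAD_NAMES = {"cobalt.client.exe"}


def parse_event(line):
    """Turn one key=value line into a dict (values contain no spaces here)."""
    return dict(KV.findall(line))


def basename(path):
    return path.rsplit("\\", 1)[-1]


def detect(lines):
    """Return (host, rule, detail) tuples for PsExec service installs,
    known payload names, and anything spawned by PSEXESVC.exe."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        host = ev.get("host", "?")
        eid = ev.get("event_id")
        if eid == "7045" and ev.get("service_name", "").upper() == "PSEXESVC":
            alerts.append((host, "psexec_service_installed", ev.get("image", "")))
        elif eid == "4688":
            proc = ev.get("new_process", "")
            parent = ev.get("parent", "")
            if basename(proc).lower() in PAYLOAD_NAMES:
                alerts.append((host, "known_payload_name", proc))
            elif basename(parent).upper() == "PSEXESVC.EXE":
                alerts.append((host, "child_of_psexesvc", proc))
    return alerts


def hosts_with_psexec(alerts):
    """Hosts where the PsExec service appeared; several within a short window
    is the lateral-movement pattern the article describes."""
    return sorted({h for h, rule, _ in alerts if rule == "psexec_service_installed"})


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print("PsExec seen on:", hosts_with_psexec(found))
```

The name-based rule will miss a renamed payload, which is why the parent-process rule is kept alongside it: legitimate administrators rarely launch unknown binaries through PSEXESVC, so a child of that service is worth a look regardless of its file name.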
The ransomware uses a hybrid symmetric/asymmetric encryption scheme based on AES and RSA, with the C2 server delivering the RSA public key at runtime. This means Pay2Key cannot encrypt computers that have no Internet connection, or when the command-and-control server is offline.
According to the security researchers who identified this threat, the ransomware has so far only been detected by the VirusTotal antimalware engine, which makes it hard for our own antivirus to catch the problem.
That makes common sense one of the main security barriers. We must avoid mistakes that could compromise us, such as opening suspicious email attachments, as well as careless use of our devices.
It is essential to take preventive measures against ransomware, since, as we have seen, it is one of the most dangerous threats.