Cybersecurity company Trend Micro is raising the alarm on a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa.
Agenda targets Windows-based systems and has been used in attacks against healthcare and education organizations in Indonesia, Saudi Arabia, South Africa, and Thailand.
More importantly, Trend Micro says the observed samples have been customized for each victim, with the requested ransom amount being different for each victim as well – it ranges between $50,000 and $800,000.
Furthermore, the ransomware incorporates procedures for detection evasion by taking benefit of the ‘safe mode’ feature of a gadget to move forward with its file encryption plan unnoticed, but not prior to modifying the default user’s password and enabling computerized login.
Black basta, which is the first in April 2022 is known to use a double extortion technique of encrypting files on target organizations’ systems and demanding a ransom to make decryption possible, while threatening to publish the stolen confidential information if the victim chooses not to pay the ransom.
“Ransomware proceeds to evolve, creating much more innovative approaches and procedures to lure businesses,” the researchers explained.
Trendmicro suggested few recommendations:
- Enable multifactor authentication (MFA) to prevent attackers from performing lateral movement inside a network.
- Adhere to the 3-2-1 rule when backing up important files. This involves creating three backup copies on two different file formats, with one of the copies stored in a separate location.