Cybersecurity researchers discover a new and powerful version of Satan ransomware.
Satan has been circulating for more than 2 years, and it now apparently includes support for the Spring web application framework, the ElasticSearch search engine, and ThinkPHP, a web application framework that is very popular in China.
At first glance, the malware is becoming more sophisticated and its operations against victims more targeted, researchers say.
A recent report shows that Satan was used in multiple debilitating attacks on manufacturers, chemical companies, and engineering firms.
This behavior is dangerous because it demonstrates that attackers are now working more methodically to make use of new vulnerabilities that have recently been exploited successfully.
It also demonstrates that the Satan ransomware framework is being continuously improved.
For those who don’t know it, Satan is the malware component of a ransomware-as-a-service offering on the Dark Web, and it is already packed with exploits for a variety of web technologies, such as JBoss, Apache Struts, WebLogic, and Tomcat, as well as the infamous EternalBlue exploit for Windows SMB services.
The ransomware-as-a-service offering is successful because it is much faster at taking advantage of vulnerabilities that have already been exploited.
Remember, everything can be hacked. To stay protected against cyber threats, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS the device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
Researchers say that a ransomware payload typically encrypts valuable data until a victim pays the ransom; this kind of cyber attack is very dangerous because it affects both the victims’ operations and their networks.
In past years, significant ransomware attacks have shown the danger of this kind of malware, which makes data essentially unusable.
For example, the 2014 cyber attack on Sony Pictures had a wiper component that erased systems and forced the company to spend weeks cleaning its information-technology environment and recovering business data.
More recently, in 2017, WannaCry and NotPetya spread like wildfire through an unprecedented number of companies’ IT systems, affecting operations for manufacturing giants such as pharmaceutical maker Merck, automaker Nissan, and shipping conglomerate AB Maersk.
What is the most recent one? The answer is simple: Satan disrupted the government systems and services in the city of Baltimore.
The biggest threat of Satan doesn’t come from its ransomware; it comes from its other component, which can move freely through networks: once Satan compromises a system, the malware attempts to execute its list of exploits against each IP address on the local network.
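Seen from the defender's side, that behavior shows up as one internal host contacting many neighbours on several service ports in a short time. The following is an added example, not taken from the original article or the researchers' report, that flags this pattern in flow records. The record format, thresholds, and port numbers (common defaults for SMB, Tomcat/JBoss, WebLogic, and ElasticSearch) are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed default ports for services the article names (not taken from the page):
# 445 SMB, 8080 Tomcat/JBoss, 7001 WebLogic, 9200 ElasticSearch.
WATCHED_PORTS = {445, 8080, 7001, 9200}

def find_internal_sweeps(flows, window=60, min_hosts=10, min_ports=2):
    """Return {src: (hosts, ports)} for sources that contact at least min_hosts
    distinct private addresses on at least min_ports watched ports within
    `window` seconds. flows: iterable of (epoch_seconds, src, dst, dport)."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in WATCHED_PORTS and ipaddress.ip_address(dst).is_private and src != dst:
            by_src[src].append((ts, dst, dport))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {d for _, d, _ in events[start:end + 1]}
            ports = {p for _, _, p in events[start:end + 1]}
            if len(hosts) >= min_hosts and len(ports) >= min_ports:
                best = alerts.get(src, (0, 0))
                if len(hosts) > best[0]:
                    alerts[src] = (len(hosts), len(ports))
    return alerts

def sample_flows():
    """Constructed sample data: one workstation sweeping 10.0.5.0/24, plus normal traffic."""
    flows = []
    # 10.0.5.23 tries SMB and ElasticSearch on 20 neighbours within ~40 seconds.
    for i in range(1, 21):
        flows.append((1000 + 2 * i, "10.0.5.23", f"10.0.5.{100 + i}", 445))
        flows.append((1000 + 2 * i + 1, "10.0.5.23", f"10.0.5.{100 + i}", 9200))
    # A file-server client: many SMB connections, but to one host only.
    for i in range(30):
        flows.append((1000 + i, "10.0.5.40", "10.0.5.10", 445))
    # A monitoring host polling 12 nodes slowly (one every 5 minutes).
    for i in range(12):
        flows.append((1000 + 300 * i, "10.0.5.50", f"10.0.5.{60 + i}", 9200))
    return flows

if __name__ == "__main__":
    for src, (hosts, ports) in find_internal_sweeps(sample_flows()).items():
        print(f"{src}: {hosts} internal hosts on {ports} watched ports within 60s")
```

Only the sweeping workstation is reported; the busy file-server client and the slow monitoring poller stay below the thresholds, which should be tuned to the normal traffic of the network being monitored.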
Ransomware is also becoming more of a capability of malware and a potential tool to use during powerful cyber attacks. With Satan, skilled hackers are more dangerous than ever. The current version of the malware platform scans for applications such as Drupal, Adobe, and XML-RPC, but its developers can easily update their exploit database if they observe that enough victims can be affected.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; tests like this include penetration testing and ethical hacking.