This Week in Ransomware: Pseudo Ransomware Attacks Return

Pseudo ransomware attacks are on the rise, posing an entirely different threat than traditional ransomware.

According to ThreatPost, disruptive malware attacks on Ukrainian organizations, posing as ransomware attacks, are likely part of Russia’s effort to undermine Ukraine’s sovereignty. This has occurred as Russia threatens to launch an invasion of Ukraine.

Last week, Trellix released its first major research report. The Advanced Threat Research Report examines the most noteworthy cybercriminal activity in the third quarter of 2021.

While discussing the report, Raj Samani, chief scientist and fellow at Trellix, said pseudo ransomware will pose a prominent threat in 2022.

“This year we rolled out from log4j, straight into pseudo ransomware attacks,” he said. “If January is anything to go by, this year will bring many more critical events to address.”

The Nuts and Bolts of Pseudo Ransomware

But what exactly is pseudo ransomware? We asked cybersecurity experts to weigh in.

Matthew Warner is Blumira‘s CTO and co-founder. He said the major difference is motive.

“Pseudo ransomware, also known as wiperware, is often geopolitical in nature and aims to destroy the victim’s systems rather than offer the opportunity to decrypt them,” he said. “This differs from most of today’s financially-motivated ransomware actors that tend to use tactics such as double extortion to obtain ransom.”

Wiperware’s messages delay recovery investigations as impact is determined, Warner said.

“When NotPetya was utilized in 2017, the message indicated a method of communication via email, similar to this new variant using P2P Tox,” he said. “In both situations, recovery is not generally possible.”

Scroll through our slideshow above for more on this topic and more ransomware news.