New 'SnapMC' threat group steals data, then extorts victims for payment – SiliconANGLE News

UPDATED 22:25 EDT / OCTOBER 13 2021
by Duncan Riley
So-called “double-tap” ransomware groups, which both encrypt and steal data and then threaten to publish it unless they are paid, have been on the rise for years. The appeal of such an attack is that the victim has to deal with both crippled systems and the threat of company secrets being exposed to all and sundry.
But what if a cyberthreat group did away with the encryption side of ransomware altogether, and instead simply stole data and extorted the company for a ransom in return for not publishing it?
That’s the modus operandi of a threat group dubbed “SnapMC” detailed in a new report from NCC Group plc. Researchers at the company’s Research and Intelligence Fusion Team say they have observed an increasing number of data breach extortion cases and that, given the current threat landscape, the absence of ransomware is notable.
SnapMC has not been linked as yet to any known threat actors. The name is derived from the actor’s rapid attacks, generally completed in under 30 minutes, and the exfiltration tool mc.exe it uses.
In a typical SnapMC attack, the threat actors scan for multiple vulnerabilities in web service applications and virtual private networking solutions. The threat actor steals data from servers vulnerable to remote execution in Telerik UI for ASPX.NET and to SQL injection.
Having gained access and stolen data, the group then sends extortion emails to victims. Typically, a victim is given 24 hours to contact SnapMC and 72 hours to negotiate a payment. SnapMC includes a list of stolen data as evidence that it has gained access to the victim’s infrastructure.
If the victim does not respond or pay, the actor threatens to publish, or immediately publishes, the stolen data and informs the victim’s customers and various media outlets.
Mitigating these attacks starts with addressing known vulnerabilities for which patches exist. “Patching in a timely manner and keeping (internet-connected) devices up-to-date is the most effective way to prevent falling victim to these types of attacks,” the researchers note.
Furthermore, it’s recommended to use vulnerability scanning to identify where vulnerable software resides in a network. This includes software supplied by third parties.
The researchers predict that “data breach extortion attacks will increase over time, as it takes less time, and even less technical in-depth knowledge or skill in comparison to a full-blown ransomware attack.”