
Ransom X Ransomware attacks Texas Department of Transportation TxDOT


RansomX is a new ransomware used actively in human-operated and targeted attacks against government agencies and enterprises.

In May 2020, two Texas state agencies, the Texas Court and the Texas Department of Transportation (TxDOT), were hit by a ransomware attack.
At the time of the attacks, it was not known what ransomware targeted the agencies.

RANSOM X

This is human-operated ransomware rather than one distributed via phishing or malware. When executed, the ransomware opens a console that displays information to the attacker while it is running.
Ransom Exx console

This ransomware skips various Windows system folders and any files that match the following extensions:


.ani, .cab, .cpl, .cur, .diagcab, .diagpkg, .dll, .drv, .hlp, .icl, .icns, .ico, .iso, .ics, .lnk, .idx, .mod, .mpa, .msc, .msp, .msstyles, .msu, .nomedia, .ocx, .prf, .rtp, .scr, .shs, .spl, .sys, .theme, .themepack, .exe, .bat, .cmd, .url, .mui
Skipping these folders lets attackers encrypt a computer while also attacking
other computers on the network, without fear that their tools will become encrypted.

Ransom X also performs a series of commands throughout the encryption process that:

  • Delete NTFS journals
  • Disable the Windows Recovery Environment
  • Delete Windows backup catalogs
  • Clear Windows event logs
  • Wipe free space from the local drives
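
Defenders can hunt for this command sequence in process-creation logs. The following is an added example, not code from the original post: it flags a host that runs several of the listed actions within a short window. The Windows utility names in the patterns, the event fields, the host names and the sample events are assumptions of this example; the post does not name the commands.

```python
import re
from datetime import datetime, timedelta

# Behaviour from the list above -> pattern over a process command line.
# Assumption: the utilities are the built-in Windows tools normally used for
# each action; the post itself does not name them.
RULES = {
    "delete NTFS journal": re.compile(r"\bfsutil(\.exe)?\b.*\busn\s+deletejournal\b", re.I),
    "disable Windows Recovery Environment": re.compile(
        r"\breagentc(\.exe)?\b.*/disable\b|\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "delete Windows backup catalog": re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
    "clear Windows event log": re.compile(r"\bwevtutil(\.exe)?\b.*\s(cl|clear-log)(\s|$)", re.I),
    "wipe free space": re.compile(r"\bcipher(\.exe)?\b.*\s/w:", re.I),
}

# Constructed process-creation events (hypothetical hosts, times and fields).
SAMPLE_EVENTS = [
    {"host": "FS01", "time": "2024-01-01T02:10:05", "cmd": r"C:\Windows\System32\fsutil.exe usn deletejournal /D C:"},
    {"host": "FS01", "time": "2024-01-01T02:10:07", "cmd": "wbadmin.exe delete catalog -quiet"},
    {"host": "FS01", "time": "2024-01-01T02:10:09", "cmd": "wevtutil.exe cl Security"},
    {"host": "FS01", "time": "2024-01-01T02:11:30", "cmd": "cipher /w:C:"},
    {"host": "WS22", "time": "2024-01-01T09:00:00", "cmd": "wevtutil cl Application"},
    {"host": "WS22", "time": "2024-01-01T09:00:30", "cmd": "fsutil usn queryjournal C:"},
]

def classify(cmdline):
    """Return the set of recovery-inhibiting behaviours a command line matches."""
    return {name for name, rx in RULES.items() if rx.search(cmdline)}

def detect_bursts(events, window=timedelta(minutes=10), threshold=3):
    """Flag hosts that run >= threshold distinct behaviours inside one window."""
    hits = {}
    for ev in events:
        for name in classify(ev["cmd"]):
            hits.setdefault(ev["host"], []).append((datetime.fromisoformat(ev["time"]), name))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            names = {n for t, n in seen[i:] if t - start <= window}
            if len(names) >= threshold:
                alerts[host] = sorted(names)
                break
    return alerts

if __name__ == "__main__":
    print(detect_bursts(SAMPLE_EVENTS))
```

Requiring several distinct behaviours in one window keeps a single routine administrative command, such as one event-log clear, from raising an alert on its own.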
Below is an example of encrypted files; the extension used in the Texas Department of Transportation attack was .txdot.

Ransom Exx encrypted files



