Experts On RegretLocker Ransomware Strikes Windows Virtual Desktops

Juniper Threat Labs is offering perspective on the newly discovered RegretLocker ransomware, which rapidly encrypts Windows virtual desktops according to researchers.

MalwareHunterTeam: https://twitter.com/malwrhunterteam/status/1321375502179905536?s=20

Researcher Vitali Kremez: https://twitter.com/VK_Intel/status/1323693700371914753?s=20

Juniper Threat Labs: https://threatlabs.juniper.net/signatures/#/

Experts Comments

November 05, 2020
Chloé Messdaghi
VP of Strategy
Point3 Security
Unfortunately, this ransomware has broken through the speed-of-execution barrier for encrypting virtual files, and there have been many trying to figure out how to do it. RegretLocker encrypts the virtual hard drives and then closes files. It actually seizes the virtual disk and is much faster in execution than previous ransomware attacking virtual files. This is the kind of ransomware that forces companies to pay up, because it’s one that’s capable of bringing line-of-business processes and production to a halt. As we’ve seen, when the main consequences are loss of customer data, companies may or may not have been motivated to pay ransom, but when key business processes cease, victims will do whatever’s necessary to resume production. This is why it’s absolutely critical to upskill security teams and train all employees on avoiding falling for phishing attacks, because that’s the primary method of entry.
November 05, 2020
Saryu Nayyar
CEO
Gurucul
The newly discovered RegretLocker ransomware is another example of how sophisticated malware authors have become, and how they are continuing to develop their attacks as cybersecurity practitioners continue to improve our defenses. This ransomware's new capabilities make it more of a challenge, especially if it becomes widespread. However, behavioral analytics tools should be able to identify it quickly and mitigate the threat as they can with other ransomware strains. The key is having a mature security stack, and educating users to help reduce the chance of infection in the first place.
November 05, 2020
Mounir Hahad
Head
Juniper Threat Labs, Juniper Networks
Going after virtual disks seems like a niche market for threat actors. Most ransomware does not need to deal with virtual disks to pose a threat. Their decision of communicating with victims through email only seems again like a poor choice. It is true that picking an Iceland-based email provider gives them some privacy, but it doesn’t protect against criminal activity. Once CTemplar takes action and closes their email account, their victims will be left hanging to dry with no contact with the attackers.