A sustained ransomware campaign aimed at extorting Japanese companies now appears to have been part of an elaborate cyber espionage operation that included destroying data to conceal evidence, according to Israeli cybersecurity firm Cybereason. Based on malware analysis and other technical indicators discovered on victims’ networks, Cybereason concluded the two-part virus, dubbed “MBR-ONI,” was specially designed to target specific Japanese organizations in order to steal data during a certain timeframe. While the infections first appeared to be limited to conventional, cybercrime-related ransomware, further inspection by Cybereason revealed hidden commands were taking place behind the scenes, including a script that wiped Windows event logs. “We suspect that the ONI ransomware was used as a wiper to cover up an elaborate hacking operation,” a blog post published Tuesday by the company reads. “These targeted attacks lasted between three to nine months and all ended with an attempt to encrypt hundreds of machines at […]
The post Japanese businesses are the latest victims of attacks disguised as ransomware appeared first on Cyberscoop.
Continue reading Japanese businesses are the latest victims of attacks disguised as ransomware→