Ransomware Hackers Are Watching You
The ransomware threat is evolving, and attackers continually seek new angles and technologies to exploit as leverage for payment in these modern-day extortion schemes. Some are hard to fathom, like the DOGE-trolling hackers demanding $1 trillion, the exploitation of zero-day vulnerabilities in Windows, and the increasingly common use of 2FA bypass attacks and of access to 19 billion compromised passwords on the dark web. But what if ransomware hackers were using employee monitoring software to see what you are up to during the attack and to steal your credentials as well? Welcome to the sinister world of Qilin and Hunters International ransomware.
How Ransomware Attackers Can Spy On You
While the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have recently issued a security alert about the dangers that unsophisticated threat actors pose to U.S. critical infrastructure services, that doesn’t mean all ransomware hackers are using the kind of basic and elementary intrusion techniques described in the CISA advisory. Take the Qilin and Hunters International ransomware threat, whose affiliates have been observed using a legitimate employee monitoring tool during their attacks.
The Qilin and Hunters International Ransomware Attack
The ransomware attacks in question started with malicious Google Ads deployed by the threat actors. These were designed to display “when people searched for RVTools, a free Windows utility for managing VMware vSphere deployments,” Sergiu Gatlan at Bleeping Computer said. If the would-be victim clicked through that advert, it started a waterfall of nefarious events leading to the download and installation of something called Kickidler.
Kickidler: A Legitimate Employee Monitoring Tool Turned Malicious
Here’s the thing: Kickidler is not malware. In fact, it’s a perfectly legitimate employee monitoring tool that’s deployed by more than 5,000 organizations across the world. The key point of interest is that it provides a visual monitoring capability. Once installed, the ransomware hackers can literally see what you are doing.
Consequences of the Attack
Varonis threat research investigators have suggested that the ransomware attackers used the software to maintain undetected access to target systems for weeks at a time, enabling them to collect the credentials required to access critical off-site cloud data backups. Network defenders are therefore advised to audit any installed remote monitoring and management software effectively and regularly.
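One way to run that audit over a fleet-wide software inventory export, as an added example that is not from the article or from Varonis. The watchlist, the approved host/tool pairs, the CSV layout and the sample rows are constructed assumptions; only the Kickidler and RVTools names come from the article.

```python
import csv
import io
from datetime import date

# Assumption: product names matched case-insensitively inside the installed
# software display name. "Kickidler" is from the article; the rest are other
# remote access/monitoring tools added for illustration.
WATCHLIST = ("kickidler", "anydesk", "teamviewer", "screenconnect", "splashtop")

# Assumption: (host, product) pairs the organization has explicitly approved.
APPROVED = {("HELPDESK-01", "teamviewer")}

# Constructed sample inventory export: host, display name, install date.
SAMPLE_INVENTORY = """host,name,installed
HELPDESK-01,TeamViewer 15,2024-02-11
VSPHERE-ADM-02,RVTools,2025-03-02
VSPHERE-ADM-02,Kickidler,2025-03-02
FIN-LT-07,AnyDesk,2023-09-30
FIN-LT-07,TeamViewer 15,2025-03-10
"""

def audit(inventory_csv, today, recent_days=30):
    """Return watchlisted tools that are not approved on the host they run on.

    Approval is per host, so a tool that is fine on a helpdesk machine is
    still reported on a finance laptop. Newest installs sort first because a
    monitoring agent that appeared recently deserves the first look.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = row["name"].strip().lower()
        product = next((p for p in WATCHLIST if p in name), None)
        if product is None:
            continue  # not remote monitoring/management software
        host = row["host"].strip().upper()
        if (host, product) in APPROVED:
            continue  # sanctioned deployment
        age = (today - date.fromisoformat(row["installed"].strip())).days
        findings.append({"host": host, "product": product,
                         "age_days": age, "recent": age <= recent_days})
    return sorted(findings, key=lambda f: f["age_days"])

if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY, date.today()):
        flag = "RECENT" if f["recent"] else "review"
        print(f"{flag:6} {f['host']:15} {f['product']:12} {f['age_days']} days")
```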
Conclusion
The Qilin and Hunters International ransomware attack is a stark reminder of the evolving nature of cyber threats. As attackers become more sophisticated, it’s essential for organizations to stay vigilant and take proactive measures to protect themselves. By understanding the tactics used by these attackers, we can better equip ourselves to prevent such attacks and minimize their impact.
Frequently Asked Questions
Q: What is Qilin and Hunters International ransomware?
A: Qilin and Hunters International is a type of ransomware that uses a legitimate employee monitoring tool to spy on victims and steal their credentials.
Q: How does the attack start?
A: The attack starts with malicious Google Ads that lead to the download and installation of the Kickidler employee monitoring tool.
Q: What is Kickidler?
A: Kickidler is a legitimate employee monitoring tool that provides visual monitoring capability, which can be used by ransomware attackers to spy on victims.
Q: How can organizations protect themselves?
A: Organizations can protect themselves by ensuring the effective and regular auditing of any installed remote monitoring and management software and being cautious when clicking on online ads.
