Incidents of Malware Infection from Emotet to Ransomware
ーBeware of Double-Extortion Ransomwareー

Information security solutions provider Digital Arts Inc. (headquarters: Chiyoda-ku, Tokyo, Japan; CEO: Toshio Dogu; hereinafter referred to as “Digital Arts”; Code 2326) is pleased to announce the release of a report on incident aggregation and an investigation into ransomware tactics for the first half of 2021.

Until last year, the malware "Emotet "*1was on a rampage, but now, reports of damage from ransomware are increasing. Ransomware is malicious malware that encrypts important data and demands a "ransom" in exchange for restoring it. Recently, "double-extortion" schemes have begun to spread. These not only encrypt data, but also threaten to release it if the ransom is not paid, posing a double threat. We investigated the latest status of these "malware infections" and the new methods of ransomware.

Incidents of Malware Infection from Emotet to Ransomware

Security incidents such as information leaks at domestic organizations in the first half of 2021 (January to June) were independently compiled based on public reports by the organizations concerned and press materials from the media

The most frequently reported incidents in the first half of 2021 were those caused by "hacking" followed by "mishandling and inadequate settings. This is a significant increase compared to the first half of the previous year. An example of "hacking" is the unauthorized access to a project information sharing tool that affected many organizations, including the National center of Incident readiness and Strategy for Cybersecurity (NISC), Ministry of Foreign Affairs, Ministry of Economy, Trade and Industry, and Ministry of Land, Infrastructure, Transport and Tourism.

This time, we would like to pay special attention to the incidents classified as "malware infection." Comparing the first half of 2021 with the first half of 2020, the number of "malware infections" has not changed much, but the content has changed. For one thing, as discussed in a previous report*2, Emotet was rampant in 2020, but it was taken down and rendered harmless at the end of January 2021, so no new damage has been done. Another reason is that reports of "ransomware" damage are starting to increase. As shown in green in [Figure 2], the number of cases started to increase in the second half of 2020. In the first half of 2021, 12 cases were reported.

Double extortion ransomware is spreading — Japanese organizations are also being targeted and need to take all possible measures.

Increasing ransomware damage is gaining severity across the globe. "Damage caused by ransomware" was selected as the number one threat to organizations in the 10 major threats to information security 2021 published by Japan's Information-technology Promotion Agency (IPA). Did you know that double extortion ransomware has recently been on the rise? Conventional ransomware encrypts the data of a compromised device or server, rendering it unusable and demands a monetary ransom to get it back. Recently, "double extortion ransomware," which not only encrypts but also steals data before encryption and threatens to release the stolen data if not paid, has become more common. In May 2021, a major US oil pipeline company was attacked by a ransomware/criminal group called DarkSide. The hacking resulted in the theft of critical data, followed by encryption and a ransom of $4.4 million (about 480 million yen). This caused havoc in the US and forced the company to shut down for a few days.

Japanese organizations are no exception to these attacks. In November 2020, a Japanese game developer was attacked by a ransomware/crime group called Ragnar Locker. Unauthorized access via overseas offices caused damage to domestic offices as well, resulting in the theft and encryption of important data.

• *1 In addition to stealing information, malware can also be used to spread other malware. Infection is spread by through malicious email attachments (attack emails) from malicious people.
• *2 Security Report "Domestic Security Incidents for the Past Three Years: Dramatic Malware Infection Increase Casued by Emotet"
  https://www.daj.jp/security_reports/210126_1/

Digital Arts offers monthly webinars on security.

<Popular dialogue webinar> The latest information on how to avoid becoming a victim of the ever-increasing ransomware! —Countermeasures against attacks "now" and "in the future—

Would you like to know how to prepare for the ever-increasing threat of ransomware? We have invited Mr. Nobuhiro Tsuji, a security engineer who is actively engaged in researching and analyzing the security status of the country and sharing threat information as a security engineer, to conduct a webinar on the theme of "Ransomware," in which he will discuss the topic in depth with examples of damage. Nobuhiro Tsuji, who has been watching and dealing with ransomware for many years, will provide the latest information useful for future countermeasures, including changes in attack trends and examples of the methods used. This seminar is designed to help you understand ransomware better by answering questions such as, "I heard the word ransomware in the media, but I don't know what it actually is." In this seminar, you will learn how to resolve your doubts and deepen your understanding of ransomware.

To register, click here https://mktg.daj.jp/public/seminar/view/4253 (First come, first served, so don't delay!)

The new standard for security measures Bringing Whitelisting to you

With our products i-FILTER and m-FILTER, Whitelistingis achieved by only allowing access to websites that Digital Arts has confirmed to be safe. With i-FILTER for exit measures, you can click on websites you want to access with confidence, and with m-FILTER for entrance measures, you can open all received emails with confidence, thus reducing the operational load on the information system department. Get your hands on i-FILTER and m-FILTER, which can prevent malware infection via the web and email, and help realize a world with a more secure internet today.

https://www.daj.jp/bs/ifmf/

Click here for the ransomware report.

The following is available on our site.

Security Report https://www.daj.jp/security_reports/210903_1/