Bigger risks beyond downtime: The double-extortion ransomware appears to be an early version, as it has loopholes. Ransomware often targets and deletes shadow copies to block victims from using Windows’ built-in recovery options. But Yurei did not delete the shadow copies, which, if enabled, can allow the victim to restore their files to a previous snapshot without having to negotiate with Yurei. However, when data is stolen, backups alone do not solve the problem. “Even when a company restores its systems, the attackers still may threaten to publish what they stole. That brings in newer risks, like regulatory fines, lawsuits, reputational damage, and exposure of intellectual property. It is a bigger issue than just downtime because it stays for long after systems come back online,” Dhar said.
Defensive gaps don’t last long: Flaws like these usually do not last long. Threat actors can easily fix the gaps in the next version, and CISOs should be mindful that the next version will fix them. “Enterprises should cut initial access by hardening internet-facing services, enforce phishing-resistant multi-factor authentication everywhere, and block legacy authentication,” Jaju said. “Enterprises must deploy data loss prevention with egress controls, fine-tune UEBA (User and Entity Behavior Analytics) for bulk file access, and monitor cloud storage and MFTs (managed file transfers). To contain attacks, organizations should segment Active Directory and critical data zones, enforce just-in-time administration and privileged access management (PAM), and prepare incident communication and legal workflows.” Jaju added that enterprises should plan for resilience backed by intelligence: immutable backups plus threat hunting for open-source indicators (Prince/Yurei build artifacts, PowerShell patterns, ChaCha20/ECIES markers), and a subscription to rapid intel on copycat forks. They should also cover supplier risk by mandating MFA, EDR, and logging for third parties with network or data access, and pre-bake kill-switch controls in contracts.
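As an added example (not from the article or from either analyst quoted), the following Python hunt flags the recovery-inhibition commands that the article says Yurei currently skips, so that a later version closing this gap is caught in process-creation telemetry. The event records and their field names are constructed for the demo (they mirror Sysmon Event ID 1 / Security 4688 fields but are not real logs).

```python
import re
from dataclasses import dataclass

# Command-line patterns that inhibit Windows recovery (MITRE ATT&CK T1490),
# i.e. the shadow-copy deletion the article notes Yurei does not yet perform.
# Each rule requires the tool name AND its destructive verb, case-insensitive,
# so plain inventory commands such as "vssadmin list shadows" do not fire.
RECOVERY_TAMPER_RULES = {
    "vssadmin_delete_shadows": re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "powershell_shadowcopy_delete": re.compile(r"win32_shadowcopy\b.*\bdelete\b", re.I),
    "bcdedit_recovery_disabled": re.compile(r"\bbcdedit(?:\.exe)?\b.*\brecoveryenabled\b\s+no\b", re.I),
}

@dataclass(frozen=True)
class Hit:
    host: str
    user: str
    rule: str
    command_line: str

def hunt_recovery_tampering(events) -> list:
    """Return one Hit per process-creation event whose CommandLine matches a rule.

    `events` is an iterable of dicts with Host, User and CommandLine keys
    (a constructed shape standing in for parsed Sysmon/4688 records).
    The first matching rule wins, so each event yields at most one Hit.
    """
    hits = []
    for ev in events:
        cmd = ev.get("CommandLine", "")
        for rule, pattern in RECOVERY_TAMPER_RULES.items():
            if pattern.search(cmd):
                hits.append(Hit(ev.get("Host", "?"), ev.get("User", "?"), rule, cmd))
                break
    return hits

# Constructed sample telemetry for the demo; not real logs from the article.
SAMPLE_EVENTS = [
    {"Host": "WS01", "User": "CORP\\alice", "CommandLine": "vssadmin list shadows"},        # benign inventory
    {"Host": "WS01", "User": "CORP\\alice", "CommandLine": "del C:\\temp\\shadows.txt"},    # benign, no VSS tool
    {"Host": "WS02", "User": "NT AUTHORITY\\SYSTEM", "CommandLine": "cmd /c vssadmin.exe Delete Shadows /All /Quiet"},
    {"Host": "WS03", "User": "CORP\\svc_backup", "CommandLine": "powershell -c Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}"},
    {"Host": "WS04", "User": "CORP\\bob", "CommandLine": "bcdedit /set {default} recoveryenabled No"},
]

if __name__ == "__main__":
    for h in hunt_recovery_tampering(SAMPLE_EVENTS):
        print(f"[{h.rule}] {h.host} {h.user}: {h.command_line}")
```

Treat a hit from a non-backup service account, or on a host with no scheduled backup job, as a high-priority alert rather than a log entry to review later.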
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4057067/new-ransomware-yurei-adopts-open-source-tools-for-double-extortion-campaigns.html