Know Your Threats: Birele File Encryption Malware

Matt Gunn, Managing Editor | TechComply

A newly identified threat known as the Birele file encryption malware could cause a big problem for infected workstations.

We recently became aware of the threat, a ransomware that infects a machine and encrypts personal files and data, including images and documents. The Birele malware can make recovering lost files and data virtually impossible, says Safe Systems NOC engineer Kai Xu. Even a system restore or malware removal won’t necessarily bring an infected machine back to life — ultimately the files will still be encrypted. Files encrypted by this type of attack can only be accessed with a password, and that password exists on the server of whoever infected the machine in the first place; it is not stored locally on the machine. Of course, in some cases, the attacker will offer to provide the password — for a cost.

Safe Systems has not encountered this type of malware on any of the more than 26,000 devices it manages for banks and credit unions. At this time we don’t know whether it encrypts data on mapped drives, or is simply limited to individual machines. The Birele file encryption malware may be a variation of something that was first identified more than a year ago as Trojan-Ransom.Win32.Rector. Kaspersky has additional details on that particular attack.

When it comes to security, Safe Systems recommends financial institutions take a systematic approach that addresses three key areas: system hardening, security monitoring and validation. System hardening includes measures such as automated patch management, integrated antivirus and automated security baseline measurements. Monitoring includes firewall monitoring, network intrusion prevention services, server intrusion prevention and vulnerability scanning. Validation means being able to provide comprehensive reports, regular assessments and exam preparedness to ensure banks are up to snuff with regulators.