If you are a business that regularly transacts with educational organizations, you need to be aware of ChaChi malware, the latest ransomware-related threat to hit the education sector. ChaChi is a RAT (remote access trojan) developed by the PYSA ransomware group. The group uses the malware to create backdoors in all types of education-oriented institutions, then steals data or locks files before extorting the victims. This piece focuses on the new threat and how organizations can guard against an attack.
ChaChi first hit the scene in March 2020 as a poorly designed malware that was readily caught by standard software-based security controls. However, the PYSA ransomware group has since made several updates that have dramatically increased its capabilities and turned it into one of the most dangerous malware families in recent times. So serious is the ChaChi threat that it has attracted the attention of the FBI.
According to BlackBerry Threat Research and Intelligence, the new ChaChi has evolved from the earlier poorly designed variant with low-level capabilities into a sophisticated malware able to perform a range of traditional RAT actions. The latest variant can carry out several actions such as backdoor creation, data exfiltration, and credential dumping from the Windows Local Security Authority Subsystem Service (LSASS).
Currently, ChaChi is written in Go, a relatively new language for malware, which makes the malware harder to detect and block. It also leverages gobfuscate, a powerful obfuscation tool that makes analysis of the code much harder.
The FBI started tracking the activities of ChaChi in March 2020 and has so far noted a massive increase in the malware's targets, both in the USA and the UK. The first ChaChi was deployed against French local government authorities in March 2020. By March 2021, exactly one year later, the group had escalated its threat by targeting several educational institutions in 12 US states. According to the BlackBerry Threat Research and Intelligence SPEAR Team, the gang preferentially targets organizations in the education and healthcare sectors for the following reasons:
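The credential-dumping capability described above is what a defender most needs to catch. As an added example, not code from the original article or from BlackBerry's report, the following Python routine triages constructed Sysmon Event ID 10 (ProcessAccess) records and flags any non-allow-listed process that opens a handle to lsass.exe with a read-capable access mask; the flattened key=value log layout, the allow-list of sources, and the sample records are assumptions.

```python
"""Flag suspicious handle opens on lsass.exe in Sysmon Event ID 10 records."""
import re

# Access masks commonly seen when a process reads LSASS memory: PROCESS_VM_READ (0x10)
# combined with PROCESS_QUERY_INFORMATION (0x400) / PROCESS_QUERY_LIMITED_INFORMATION
# (0x1000); 0x1FFFFF is PROCESS_ALL_ACCESS.
VM_READ = 0x0010
SUSPICIOUS_MASKS = {0x1010, 0x1410, 0x1438, 0x143A, 0x1FFFFF}

# Source images that legitimately touch LSASS on a typical host (hypothetical allow-list;
# tune it to the AV/EDR agents actually deployed in your environment).
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

# Assumed flattened export format: "Key=Value Key=Value ..."; values may contain spaces.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")

def parse_event(line):
    """Parse one flattened Sysmon record into a dict keyed by the logged field names."""
    return dict(FIELD_RE.findall(line))

def is_suspicious(evt):
    """True when a non-allow-listed process opens lsass.exe with a read-capable mask."""
    if evt.get("EventID") != "10":
        return False
    if not evt.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
        return False
    if evt.get("SourceImage", "").lower() in ALLOWED_SOURCES:
        return False
    mask = int(evt.get("GrantedAccess", "0"), 16)
    return mask in SUSPICIOUS_MASKS or bool(mask & VM_READ)

def triage(lines):
    """Return the SourceImage of every suspicious LSASS access found in the log lines."""
    events = (parse_event(line) for line in lines)
    return [evt["SourceImage"] for evt in events if is_suspicious(evt)]

# Constructed sample records (not real telemetry): one benign AV scan, one unknown tool
# running from a user's temp directory, and one unrelated process-creation event.
SAMPLE_LOG = [
    r"EventID=10 SourceImage=C:\Program Files\Windows Defender\MsMpEng.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1410",
    r"EventID=10 SourceImage=C:\Users\staff\AppData\Local\Temp\updater.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1010",
    r"EventID=1 Image=C:\Windows\System32\notepad.exe CommandLine=notepad.exe",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print("suspicious LSASS access from", hit)
```

Any hit deserves a look at what the source binary is and how it arrived, since credential theft is the step that turns a single foothold into a domain-wide ransomware incident.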
Install anti-spyware
Install antivirus or anti-spyware software to help identify and remove the malware. For these tools to be effective, ensure they are updated regularly. Additionally, audit your files regularly for missing data and unauthorized additions.
Secure your authentication methods
Use a strong password of at least eight characters to secure your authentication methods. These characters should include uppercase letters, lowercase letters, numbers, and symbols. You can also use biometric tools such as fingerprints, voiceprints, facial recognition, and iris scans to authenticate to systems. Additionally, avoid saving passwords on a computer.
Keep software updated
All software is prone to malware attacks. However, software vendors regularly provide patches and updates that close newly discovered vulnerabilities. A good practice is to validate and install all new software patches. In a nutshell, ensure you regularly update your operating system, software tools, plugins, and browsers.
Control access to systems
You should also regulate access to your networks to guard against data breaches. You can achieve this by implementing a firewall, an intrusion prevention system (IPS), and an intrusion detection system (IDS). You should also avoid using unfamiliar removable drives or media that have been used on a publicly accessible device. Additionally, close all unused ports, disable unused protocols, and remove all inactive user accounts that may serve as an entry point for attackers.
Limit application privileges
A ChaChi malware actor only needs a single open door to infiltrate your organization. Restrict application privileges on your devices to limit the number of possible entry points. Run only the application features and functions that are crucial to your operations.
Implement email security and spam protection
Although email is a crucial communication tool for most organizations, it is also a common malware delivery channel. You can minimize the risk of infection by scanning all incoming email messages for malware. You can also set up spam filters to block malicious emails and limit user access to company-approved links, messages, and email addresses.
Educate your users
Ideally, the people in an organization are its best line of defense. One way to win the war against ransomware is by continually educating users, including staff and students, on the tactics that attackers use to gain access to networks. Keep all users up to date on fundamental cybersecurity trends and best practices.
Ransomware infections can be devastating for educational organizations. Apart from interrupting workflows and stealing your crucial data, ChaChi malware can result in substantial financial losses and reputational damage. The risks that the malware poses are so severe that the FBI warns that organizations ignoring the threat do so at their own risk. At WPG, we offer an array of cybersecurity services to proactively defend your business from hacking. Contact us today for more details about our solutions.