Nosu Ransomware: Threatening Critical Sectors


Nosu is ransomware that encrypts files and demands payment to release them. It spreads through email attachments and compromised network shares and can cause significant data loss and downtime for affected organizations.

Key Insights

Nosu gets into systems through phishing emails with infected attachments. Once a user opens the attachment, the ransomware runs and starts encrypting files. Nosu can also spread through network shares, exploiting weak security to get deeper into an organization.

Encryption

Once run, Nosu uses strong encryption to lock files and adds a specific extension to each file. The data is then inaccessible without the decryption key, which the attackers will provide once the ransom is paid.

Operational Impact

Encryption of critical files can cause significant downtime, disrupting business and potentially leading to financial loss. Affected organizations must restore operations and face the tough decision of whether to pay the ransom.

Known Variants

APT15, Ke3chang, Vixen Panda

Mitigation Strategies

  • Segment networks to prevent lateral movement and ensure all sensitive data is protected by strict access control policies.

  • Regular patching and monitoring of all endpoints can help identify and mitigate any potential vulnerabilities early.

  • Implement robust email filtering to block malicious attachments.

  • Maintain up-to-date backups stored offline to facilitate recovery.

Targeted Industries or Sectors

Nosu has been active in targeting government agencies, defense contractors, energy companies, and diplomatic entities. These industries are prime targets for espionage and intelligence gathering.

Associated Threat Actors

Nosu is attributed to the Chinese state-sponsored cyber espionage group APT15 (also known as Ke3chang or Vixen Panda).
