Sugar Ransomware on the Rise

Ransomware is a type of malware that holds an individual’s computer system hostage in exchange for something, usually money. It does this by encrypting the contents of the system, such as the victim’s files and applications, to deny access until the ransom is paid.

So What is The Sugar Ransomware?

Sugar ransom note (Source: BleepingComputer)

The Sugar ransomware, discovered by the Walmart Security Team in November 2021, has been on the rise, targeting individuals instead of big corporations. It is also called Encoded01 because encrypted files are given a .encoded01 extension. Like most ransomware, Sugar uses a public key and private key setup, and according to BleepingComputer it uses the “SCOP encryption algorithm”. This algorithm turns readable data into ciphertext that can only be read again by someone holding the private key. Even though public and private key systems were intended to improve security, they can be abused by cyberterrorists as a tool for ransomware.

According to BleepingComputer, the ransom amount is based on the number of encrypted files and is usually “affordable”. Even so, the individual may still have to pay hundreds of dollars to unlock their files, which many people would consider a massive price. It was also noted that victims did not know where they got the Sugar ransomware from, meaning everyone is a potential target for these attacks. This makes Sugar extremely dangerous for anyone who is not protecting their computer system against ransomware.

How The Sugar Ransomware Works

Once the Sugar ransomware is executed, it connects to whatismyipaddress.com and ip2location.com. This step alone may alarm people, because the attacker now knows the victim’s general location, most likely their home.

It then downloads a 76MB file of unknown origin and, as of now, unknown function. The fact that its function is still unknown should put users on alert.

Finally, the Sugar ransomware connects to a command and control server. Also known as a C2 server, this server allows the attacker to send data to and receive data from the victim’s machine. This enables the attacker to encrypt the individual’s files and prevent access.
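The three-step behaviour described above (geolocation lookups, a large follow-on download, then C2 contact) is exactly the kind of chain a defender can look for in web-proxy logs. The script below is an added example and is not part of the original post or of BleepingComputer’s analysis; the log format, the thresholds, the client addresses and every domain other than the two geolocation services named in the post are constructed for the example.

```python
"""Proxy-log triage for the behaviour chain attributed to Sugar in the post.

Added example, not from the original post: for each client in a set of
web-proxy records, look for both public IP-geolocation services named
in the post being queried, followed within a short window by a large
binary download from a host that client had never contacted before.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Hosts the post says the sample contacts first. These are ordinary
# websites too, so they are only ever used as one part of the chain.
GEOLOCATION_HOSTS = {"whatismyipaddress.com", "ip2location.com"}
# The post reports a 76 MB follow-on download; a generous lower bound
# (constructed choice) still matches if the payload size varies a little.
LARGE_DOWNLOAD_BYTES = 50 * 1024 * 1024
WINDOW = timedelta(minutes=10)

# Constructed proxy log lines: "<iso-timestamp> <client> <method> <host> <bytes_in>"
SAMPLE_LOG = """\
2022-02-01T09:00:01 10.0.0.5 GET www.example-intranet.local 20480
2022-02-01T09:01:10 10.0.0.5 GET whatismyipaddress.com 15360
2022-02-01T09:01:12 10.0.0.5 GET ip2location.com 12288
2022-02-01T09:01:40 10.0.0.5 GET cdn-7f3a.example-unknown.net 79691776
2022-02-01T09:02:05 10.0.0.5 POST update-check.example-unknown.org 512
2022-02-01T09:03:00 10.0.0.7 GET whatismyipaddress.com 15360
2022-02-01T09:04:00 10.0.0.7 GET www.example-intranet.local 20480
2022-02-01T09:30:00 10.0.0.9 GET download.example-vendor.com 104857600
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, client, host, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, host, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), client, host.lower(), int(nbytes)))
    return records


def find_suspicious_clients(records):
    """Return {client: reason} for every client that completes the whole chain.

    Chain: both geolocation hosts queried, then within WINDOW a download of
    at least LARGE_DOWNLOAD_BYTES from a host this client had not contacted
    before. A geolocation lookup on its own, or a big download on its own,
    is normal user traffic and is deliberately not flagged.
    """
    by_client = defaultdict(list)
    for rec in records:
        by_client[rec[1]].append(rec)

    findings = {}
    for client, recs in by_client.items():
        recs.sort()
        seen_geo = set()
        first_geo_time = None
        history = set()  # hosts this client contacted earlier in the log
        for ts, _client, host, nbytes in recs:
            if host in GEOLOCATION_HOSTS:
                seen_geo.add(host)
                first_geo_time = first_geo_time or ts
            elif (seen_geo == GEOLOCATION_HOSTS
                  and host not in history
                  and nbytes >= LARGE_DOWNLOAD_BYTES
                  and ts - first_geo_time <= WINDOW):
                findings[client] = (
                    f"geolocation lookups at {first_geo_time:%H:%M:%S} followed by "
                    f"{nbytes // (1024 * 1024)} MB from new host {host}")
                break
            history.add(host)
    return findings


if __name__ == "__main__":
    for client, reason in find_suspicious_clients(parse_log(SAMPLE_LOG)).items():
        print(f"{client}: {reason}")
```

Only 10.0.0.5 is reported: 10.0.0.7 queried a single geolocation service and 10.0.0.9 only performed a large download, neither of which completes the chain.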

After the files are encrypted, the victim is presented with a text file containing instructions on how to retrieve their now encrypted files. Victims are then directed to a Tor website to make their payment, as shown below:

Tor website (Source: BleepingComputer)

Like most ransomware, if the demand is not paid then all of the encrypted files will be lost. In this situation most people would likely pay the fee to restore their files; however, there is still uncertainty about whether the attacker will fulfill their end of the deal.

Ways to Protect Yourself From Ransomware

  • Back up your files on a remote system where the attacker cannot reach them. Your files will be safe in the backup and will not be encrypted.
  • Be cautious when clicking on mysterious links on any platform, because that is the most common way a cyberterrorist infects a system.
  • Before downloading anything, make sure the website address or email attachment can be trusted.

References

https://www.bleepingcomputer.com/news/security/a-look-at-the-new-sugar-ransomware-demanding-low-ransoms/

https://blog.malwarebytes.com/ransomware/2022/02/we-absolutely-do-not-care-about-you-sugar-ransomware-targets-individuals/

https://www.mcafee.com/enterprise/en-ca/security-awareness/ransomware.html

49 Comments

  1. Interesting blog! The fact that this is happening to ordinary people makes this topic relatable. I liked how you mentioned the use of private and public keys to encrypt files during an attack, and how this technique was developed for security purposes, but it can be used for malicious purposes as well. It’s scary that the attacker can get your general location from your IP address. I hope that the attacker isn’t using this information after you’ve paid the ransom!

  2. It’s interesting how the cyberattackers treat this as a “business.” If it is true that they always hold up their end of the deal, it makes you wonder what kinds of morals or ideas of morality these people have. From the looks of the images you posted, they likely aren’t from any primarily English-speaking countries, as there appear to be quite a few grammatical errors. Do you think they primarily target users in western countries or also distribute their ransomware to other parts of the world as well?

  3. Oh great, another ransomware threat filled with broken English that’s filled with more uncertainty than you can shake a stick at. Really excited for this to keep me paranoid about every small file that I might download.
    Jokes aside, great post. Just the knowledge that there’s another ransomware making its rounds through the public circles already reduces the risk of people becoming compromised by unknown files. It’s interesting how they’re treating this as a business venture and not just a quick cash grab, exploiting as many people as they can and getting out. However, the thing that grabbed most of my attention is their claims of “affordability” and the fact that the ransom increases depending on the number of files encrypted. Most ransomware I personally hear about has ransoms in the range of thousands of dollars worth of bitcoin in order to *hopefully* decrypt the files, so hearing a ransom in the hundreds further makes it appear that they’re trying to do this as a business venture, and I wouldn’t be surprised if this group launches further ransomware attacks exploiting different vectors moving forward.

    All in all, great post again. Thanks for letting us know about this!

  4. This is one of the most terrifying bits of ransomware I’ve come to learn about. Most ransomware is made to target large corporations or richer people, but Sugar has been made to attack lower level targets. It’s horrifying that they immediately learn your location and that mystery file could be doing anything from mining bitcoin to monitoring your data to do something like memz and kill your computer the moment you find and remove the malware. This is a really informative post on ransomware in general, but it also gave us even more reason to be careful online.

  5. With remote work being so commonplace, it is now prime time for ransomware to spread and target individuals who need to use their computer for work and have no choice but to pay the ransom out of fear or embarrassment. I think what makes this type of ransomware successful is that it lets the victim be aware that their potential address has been leaked and could let on that they could even have more information about their victim. If this occurred on a victim’s work computer, they could then be hesitant to inform their IT department, especially if they’ve been using their computer to access & download non-work related websites & files.

  6. It’s always scary when a new attack is discovered and nobody knows anything about it. The fact that this seems to be attacking regular people and nobody knows the source makes it all the more worrying. Hopefully it gets traced to an origin point or a weakness in its encryption method is found soon. Thanks for making everyone aware of this so we can take extra steps to be safe by backing up some of our important data!

  7. This is quite an interesting topic! I haven’t heard of this ransomware before, but it certainly seems as though it’s made a massive impact on many people. It makes sense that they would allow users to decrypt 1 to 5 individual files for free, as this allows them to “earn their trust” and see that the decryption actually works. I wrote a blog post about ransomware in hospital devices, and it really shows that things like this can have serious consequences for everyone, because sometimes it goes beyond just the individual that is being attacked. Hospital equipment can be compromised, thus endangering thousands of people until the sum is paid. I suppose the best we can hope for is that security against these kinds of attacks will improve in the future.

  8. It is interesting to read about a new ransomware operation that targets individual computers, rather than corporate networks. This means that we can also be a potential target for this new ransomware attack. Thank you for raising awareness about the new ransomware. Since there are still lots of unknowns about this ransomware, we all need to keep researching this topic and should be alert.

    Also, it was interesting to see that this ransomware uses a public and private key system that we discussed in the lecture. When we discussed public/private key systems, we were taught that they were intended to be used for better security reasons. However, as you mentioned here, this system can be abused by attackers as a tool for ransomware. This is quite frightening to read because there are many new technologies with good intentions that are misused by attackers with malicious intent. We should try to minimize security flaws and keep making updates to prevent abuse/misuse.

  9. This is a great post! I had not heard of the Sugar ransomware before, so this helped share insight on something I did not know existed. It is very interesting yet scary that the people infected do not know how they got infected. If this was known then it would be easy to know exactly what to look out for; however, since it is not, it is important to proceed with extra caution. As you said, hundreds of dollars may seem like a lot to people, so your recommendation of having backup storage is a great way to help mitigate the losses if someone is affected by the ransomware. Overall this post was very insightful and helpful.

  10. I never knew that a keypair could be used in such a fashion; I only thought the applications of such things could be like connecting to SSH like in topic 3. It’s very interesting to see how something intended to promote security can be used in a fashion to aid ransomware attacks. Also, the concept of an affordable ransomware seems novel to me as I’ve only seen ransomware have a set amount. Also, how does it know how many files are encrypted? Does it send the data to the website when the victim accesses it? Anyways, very interesting topic; it was cool to read how this ransomware acts in comparison to other ransomware.

  11. Super interesting article. I wonder though, if this specific piece of headache-ware was identified all the way back in November of 2001, how are there still so many unknowns regarding its operation and functionality? That’s approaching 25 years of unbroken functionality, which seems almost absurd. In your opinion, why do you think this malware has stuck around for so long?

    Nonetheless, it’s great that you’re bringing awareness to the rest of the class about this particular piece of malware. Also very interesting how we can start to see some real world (albeit illegal) applications of what we’re learning in class!

  12. Very interesting article. This is my first time hearing about this ransomware. It’s quite worrying knowing that this type of ransomware targets not only large corporations but everyone. And as you mentioned before, it’s not always guaranteed that the people behind the ransomware will “fulfill their end of the deal”. Ransomware seems to always be trending nowadays; it seems like a sign that there’s definitely going to be more ransomware that targets individuals instead of these large corporations in the future.

    Also I never even knew that Walmart even had a security team.

  13. It sucks that the origin of this ransomware is unknown. I assumed Walmart had a security team but I never assumed they would investigate things not directly affecting their company. I wonder how they came across this ransomware. I’m sure it has put many people in a very conflicting position, having to decide if paying the ransom would be the right choice. It’s always a good reminder to have a secondary system for file recovery.

  14. Very informative post. I’m always worried about what would happen if one of my loved ones or close friends were to be attacked by these scheming hackers. Not everyone has the funds or the time to deal with something as annoying as ransomware, and being an unfortunate victim can cause irreparable damage. Just knowing that those who were affected don’t even know how they were infected already puts shivers down my spine.

  15. Hey, this was a great post. I really liked the section on how to defend oneself from ransomware. I think more businesses need to get on this because they are the most vulnerable to these viruses. I think you should look into the EternalBlue virus which was developed by the NSA to spy on their citizens. In fact, the malware was highly influenced by the code that was used to build the EternalBlue virus. Also, what do you think is the future direction the virus might take? I am thinking along the lines of a kernel-centred attack which could lock the computer permanently. Otherwise, I think you did a good job of describing the process of ransomware. Kudos!

  16. I never realized that there was ransomware that targets ordinary people, I always assumed it would be larger agencies. Your post is really informative and helps bring awareness to one of the many different types of cyberattacks. It is really interesting to read how this ransomware works and I’m surprised to see that most victims don’t know where the Sugar Ransomware originated from. It’s really unfortunate for those who can’t afford to meet the conditions, so it’s great that you are bringing this information to light. Also, I appreciate the protection section of your article. Thanks for the interesting read!

  17. Informative post! What I found the most interesting here is the attacker’s message and how they state that this is a “business” and they admit only getting benefits. And based on the poor grammar of the message we can also assume they aren’t from an English-speaking country (or community). It’s also frightening that the victims don’t even realize that they got the malware and how they got it. It really shows how important it is to be aware of what you click on the internet and to regularly back up your files to decrease the consequences of ransomware.

  18. Thank you for bringing this newfound security threat to our attention, especially one that targets everyday people such as ourselves. It is disheartening knowing that some people wish to profit off of holding people’s data for ransom which would likely include family photos and important files. Furthermore, it is quite concerning that sugar ransomware also captures the user’s location on top of encrypting their files. The lack of information on how this ransomware operates and how people are getting infected is also concerning. Hopefully, in due time we will learn more about this new threat and be able to protect ourselves from it. I know that some anti-virus software includes ransomware mediation but I am unsure of how effective they are at preventing such attacks.

  19. A nice and detailed post. The article does a great job describing what Sugar ransomware is but also highlights the dangers of it. Reading on through the post, it is interesting to see how easy it could possibly be to receive ransomware on a device. Additionally, the process that the ransomware takes is quite intricate, as the requirements in order to encrypt the files are a bit of a lengthy process. I was not aware of the extent that the ransomware has to go through while remaining undetected, especially when it comes to downloading content from other websites. The steps the author also wrote in order to protect against ransomware may seem simple and obvious, but it also goes to show how not doing a few of these things could potentially compromise your data, especially if you are not tech savvy.

  20. The existence of ransomware had never crossed my mind, nor was it ever brought to my attention. It’s scary to think that this could happen to any individual and that the cause or means of infiltrating a system remains largely unknown. Regardless, however, I am glad that you included methods for protecting oneself, since the ransomware cannot just randomly spawn into the computer, and practicing cautious internet usage generally reduces the risks of such happening down to almost nothing. Although having said that, and despite how reassuring it may be for most to know and hear that, I do wonder what I would do if I were to become the victim of ransomware such as this one. While I could possibly pay for my files or forget about them, the thought of someone suddenly locking them up and asking me for money is just plain wrong. It also does not help that there does not exist some other means or external help that could alternatively solve the issue. Having said all this though, I am glad that you brought, not only the existence of ransomware, but also this specific case to my attention and thank you for a very detailed and easy to understand post!

  21. I really like this post since it focuses more on an individual getting hacked rather than large companies, which is more informative to most people. It is sad to think that this ransomware was targeted at individuals, since most of them likely can’t afford to pay, and there are so many more people who are vulnerable and likely to get targeted. I was also shocked and upset to see that the ransomware uses public and private keys to encrypt and decrypt information. Since it is such a useful method to protect yourself and your privacy, it is very upsetting that its power is being used to harm others and that it is incredibly difficult to stop. I’ll now be backing up all of my files and taking the other precautions you mentioned in the post. Thanks for making this post, it was very informative.

  22. Good job on this post!! I didn’t know about ransomware as a whole before this, but it’s quite scary. The thought of being able to destroy anyone’s data simply because they don’t pay, whether they can afford it or not, is a quite sad ordeal for anyone to go through, especially since they have access to your location!! One thing I did find interesting, was the fact that the Tor link had a “.onion” link, likely due to it being involved in the dark web!! It’s an interesting thought that so much disruption can result from browsers such as Tor, though I’m sure this ransomware can also infiltrate computers without this as well. It’s really nice and helpful that you added tips on how to mitigate risk from ransomware!! Really good job 🙂

  23. Hey, incredible post. Even though almost all ransomware attacks big corporate companies, Sugar only seems to attack regular folks. This means that we can also be a potential target for this new ransomware attack. It was surprising to see that this ransomware uses a public and private key system that we learned in the lecture. When we discussed public/private key systems, we were taught that they were intended to be used for better security reasons. However, as we learned from this article, this technique can be used to attack people also. Nonetheless, it was cool to read how this ransomware acts in comparison to other ransomware.

  24. The fact that this attack focuses on “average” individuals scares me, as many attacks that I hear of focus on corporations, governments, and high profile individuals, and since I belong to none of these groups I am not as frightened of these hacks. I think that a secure backup is absolutely necessary, as in my case I know that if I were to be hacked in this way I would probably not be able to afford to pay to retrieve my files, but I also would not be able to not pay and retrieve my files…

  25. The concept of Sugar ransomware is equal parts fascinating and terrifying. Given that it attacks individuals instead of corporations and its targets are randomized, Sugar is a huge threat to public privacy, not to mention normal people’s bank accounts. Personally, I’d be terrified if a stranger could trace my location and access all my private files with relative ease. Even if the ransom is relatively small, no one wants to deal with this sort of financial inconvenience. I appreciate how your article also has steps for precaution. We should definitely be very careful before clicking suspicious links, even if they are heavily “sugar-coated”.

  26. Heyy! This is a very informative and knowledgeable post. The post does an excellent job at describing Sugar ransomware while also emphasizing its hazards. After reading the remainder of the article, it’s amazing to see how simple it is to get malware on a system. Furthermore, the ransomware’s method is highly complex, since the prerequisites to encrypt the data are rather extensive. Overall, I consider that your post is well designed.

  27. This is an interesting article! Usually, when people talk about ransomware, it involves large companies that fall prey to these ransomware attacks, but we can also be targeted by a ransomware campaign, as you’ve stated in your article. I can’t fathom how a victim feels when their personal information is stolen, their location is revealed, and they have no option but to pay the ransom. You’ve listed several excellent methods for being safe, but I’d say using comprehensive security solutions like McAfee is a great way to stay protected. Moreover, only use secure networks.

  28. Great blog post!! I always thought corporations were the only ones that fell victim to attacks like this, but I guess it is a lot easier to attack individuals instead. But I also wonder if this happens on all operating systems, or if it’s just Windows.

  29. I think easily the scariest part of this ransomware is its affordability. While bigger numbers may seem scarier, the inability to afford payment at least removes an avenue for the exploitation of victims: they will find a way to save their files or they won’t, but they couldn’t pay even if they wanted to. However, in making it relatively more affordable, I could see how many more would give in to the ransom demands out of desperation.

    Obviously it’s also scary because so much is unknown about it, though I wonder if that works to its advantage as well. While this is clearly enough of an issue to reach news outlets, I don’t know how many resources will be committed to investigating a problem that costs users a couple hundred dollars at most. When ransomware charges companies or governments multiple millions there is great incentive to fix the issue, but in this case it would probably cost more to defeat than the money it would save any given individual.

    Great post!

  30. Very interesting read Ryan!
    One thing that’s quite scary about paying a ransom is assuming that the attacker will follow through with their part. And even if they do, who’s to say they won’t just run the same attack a month later? The vulnerability will most likely be there so the possibility of it happening is there.
    This article also shows how important it is to always have backups that you can restore to if something like this were to happen.
    Great post!

  31. Great post. I certainly learned more about ransomware as a whole, alarming as it may be. I found it especially unsettling that we still do not know where the 76MB file that Sugar ransomware downloads is from, or what it is for. Hopefully we are able to figure it out soon, as understanding the malware at hand is crucial in developing security protections against it. Overall this post served (at least to me) as an excellent reminder to remain vigilant while browsing the web, and to always keep backups of files that you deem important.

  32. Nice post, Ryan! Prior to this, I had never heard about Sugar ransomware. Now that I am aware however, it’s quite evident that it’s highly malicious. From what I understand, until now, ransomware was more likely to be directed towards large corporations, and thus, would leave the average individual untouched. However, it seems as though the Sugar ransomware, is among the first types of ransomware to target unsuspecting, average people. What I find absolutely devastating about this ransomware is that it appears to have been designed to target small businesses and individuals, when possible. In this case, everyone is susceptible to it, and any one of us, can very well be the next target. With such ransomware attacks on the rise, it should only remind us to keep our systems updated, back up our files regularly, and avoid reusing passwords.

  33. Interesting and informative post! Thanks for raising awareness of the ransomware. It is interesting how you mentioned that the public and private key systems, which are intended for security, can be maliciously used for security attacks instead. The fact that victims often give in and pay for the potential recovery and that the lack of knowledge of the source of the ransomware again demonstrate the challenge of cybersecurity.

  34. Thank you for sharing this topic. Visiting trusted official websites is also becoming more and more important these days. This protects the computer from attacks as much as possible. Unsecured sites may contain ransomware. This will not only cost us money and important files, it will also make computers less secure.

  35. Interesting post! It was really shocking that the security provider has logged nearly 500 million attempted ransomware attacks through September 2021, with 1,748 attempts per customer in that nine-month period. The overall total of 495 million to date amounts to a 148 percent surge as compared to the same period last year. SonicWall expects to record 714 million attempted ransomware attacks by the close of 2021, a 134 percent skyrocket over last year’s totals.

  36. Great post! We hear and talk about ransomware lots, but it usually seems to only affect large companies, whereas this one is targeting random individuals. Therefore it could affect any of us, and we should really be aware of such threats and try to protect ourselves as well as we can (I will do another file backup right now). Additionally, the fact they use a comparably low amount of money is an interesting tactic that perhaps leads to more people paying the ransom, and them still making a lot of money by the sheer number of people they target.
    I like that you explained what the ransomware does, and the unknown file seems very mysterious. I’ll try and stay updated on the Sugar ransomware to see if it will be figured out soon!

  37. I normally get scared and anxious whenever I go through ransomware posts like these. There’s always a chance for a user to become a victim of this ransomware when dealing with untrusted websites which are also not secure. Furthermore, why would anyone trust these malicious ransomware operators and even pay the ransom, when they can be victims again?
    Nonetheless, this post was really eye-opening and informative.

  38. Good job!
    Providing an explanation of the concept and introducing the new topic to us made it easier for us to understand. Ransomware attacks always scare me, especially because they are one of the most dangerous attacks, and we should all stay vigilant. You also provided ways to keep ourselves secure, and it is always good to end a post with something like that.
    Well done!

  39. One interesting idea brought up by this post is how cybersecurity tools can be used for the exact opposite purpose. Do cybersecurity professionals consider possible malicious uses when they design new tools? I suppose they should, at any rate!
