New Sugary Ransomware-as-a-Service Targets Individuals

Published: May 09, 2022 in our Security Fraud News & Alerts Newsletter.



A cyberthreat team at Walmart recently discovered a new ransomware type they dubbed Sugar. When malware is rented and then used against an individual or group, as it is in this case, it’s called ransomware-as-a-service (RaaS). One of Sugar’s most interesting characteristics is that it targets individual devices and not an entire company network. Because the discovery is so new, Sugar is a RaaS we’ll learn more about in the near future, thanks to the Walmart team’s work.


Sugar’s RaaS: A Malware-of-the-Month Club?


Here is a quick look at how RaaS like Sugar works. As Trend Micro explains, it’s “…a business model that involves selling or renting ransomware to buyers, called affiliates. RaaS…has made it easier for a variety of threat actors – even those who have little technical knowledge – to deploy ransomware against targets…RaaS is based on the software-as-a-service model in which software can be accessed online on a subscription basis.” Cybercriminal wannabes and seasoned hackers alike can launch these rented attacks.



Ransomware, Email Phishing, and Red Flags


According to the FBI, over 90% of cyberattacks enter an organization through phishing emails. Most ransomware is delivered this way by hiding in malicious links and attachments. With this in mind, a review of email phishing red flags and tips is in order.


  • Think before you click, especially before following website links and opening attachments, as common sense is one of email phishing’s arch enemies. Any email requesting sensitive information needs your full attention, especially if it appears to be from a bank or major company.

  • Always check for generic greetings, poor grammar and spelling, and bad graphics. They’re a sure sign the email sender isn’t who they claim to be.

  • Avoid posting too much information on sites like LinkedIn and Facebook. Being vague about your job title and responsibilities can help avoid spear phishing, a type of email phishing targeting users with personal details found online.

  • Educate employees of all levels to spot spear phishing and other email attacks before it’s too late. Training staffers to recognize and report attacks is invaluable since they are often the first line of defense against email phishing.

  • Keep all software updated, especially operating systems, anti-virus, and apps. Updates typically have fixes to security flaws and may include security improvements by the developer. Mobile devices should also follow these protocols.
