Security researchers uncovered a ransomware downloader hosted on the website of the US National Wildfire Coordinating Group (NWCG) in August 2017. The malicious file was first identified by NewSky Security researcher Ankit Anubhav.
It is not clear how long the file had been hosted on the official government website or whether it managed to infect anyone.
Although the file has since been removed, the fact that it ended up on an official .gov domain is troubling. Most such domains are whitelisted by security products, so any download from these sites is generally treated as safe and trusted.
Some information about the malicious file
According to researchers, the malicious file was a downloader for the Cerber ransomware. Like most ransomware, Cerber encrypts files on an infected device, making them inaccessible until the owner agrees to pay a ransom in the digital currency Bitcoin.
Cerber has been around for over a year and has been distributed in various ways, including as ransomware-as-a-service that buyers could purchase on dark web forums. It has also been seen in spam campaigns and botnet attacks.
According to Mariano Palomo Villafranca, a malware analyst at the telecommunications firm Telefonica, the Cerber downloader also originates from a well-known malicious domain.
It is still not clear how the Cerber downloader got onto the NWCG website. Anubhav theorized that either the site was hacked or the file arrived as an attachment in an email sent to a government official, and the email, along with the malicious downloader, was then archived and stored on the site.
The NWCG has not issued a public statement or provided additional information on the discovery and successful removal of the malicious file.
Over the past year, a growing number of ransomware attacks have targeted politicians, universities and private companies for extortion. While the motives behind these Cerber attacks remain unknown, the incident raises the question of whether government agencies need to revisit their cybersecurity practices. Apparently nobody has unassailable cybersecurity, as even 65 percent of US banks failed recent security tests.