Increased threat of Ransomware


Beware of Increased Threat of Ransomware

Did you know that ransomware attacks against businesses increased threefold in 2016? Why is that, you might ask? Well, that’s because major ransomware gangs are now capable of infecting millions of computers. These gangs lock your data with strong and often unbreakable encryption. The success of these illegal and harmful practices encourages more and more people to commit these crimes.

Even though wide-scale, indiscriminate ransomware campaigns are among the most common, there is an increased focus on targeted attacks against large organizations. These require high levels of technical expertise and are more commonly associated with cyberespionage.

How might these cyber-attacks affect your business? Well, they could cause a massive operational disruption and seriously damage your revenues and reputation. Under no circumstances should you pay the ransom, or more attackers will follow suit! As an organization especially, you should be aware of such threats and build appropriate defenses accordingly.

The most affected businesses in the past year have been in the Services sector, followed by Manufacturing, Finance, Insurance, Real Estate and Public Administration. Additional, although somewhat less affected, industrial sectors were Wholesale Trade, Transportation, Communications, Utilities, Retail Trade, Construction, Mining, Agriculture, Forestry and Fishing. The average ransom demand has more than doubled. Even those criminals with relatively low levels of technical expertise can now attack you through the use of ransomware-as-a-service (RaaS).

All of the new variants of ransomware discovered this year are crypto-ransomware, compared to 80% last year. During this time, the US has been most affected by ransomware, followed by Canada, Australia, India, Japan, Italy, the UK, Germany, the Netherlands and Malaysia.

Why this shift towards crypto-ransomware? Well, it is usually the most effective form of ransomware.

In order to evade detection by security products, ransomware has been coded using different programming languages such as JavaScript, PHP, PowerShell or Python. Additional features of high-profile ransomware have extended beyond its core functionality of locking devices or encrypting files, thus increasing the level of threat.

You may wonder what sort of ransomware hit many businesses over the course of last year. Well, good examples are TeslaCrypt (also known as Trojan.Cryptolocker.N) and Locky.

So why are some businesses affected more than others? Even though the answer to this question is not yet completely clear, it is believed that the higher the level of integration a given organization has with different internet services, the higher the risk of exposure to infection.

At this stage it would be good to talk a little bit more about the factors driving growth and persistence of ransomware, particularly crypto-ransomware.

The first factor is the effective deployment of encryption. Attackers can rapidly encrypt your files with an encryption key and then encrypt the encryption key itself. The second is the rise of Bitcoin and other cryptocurrencies, which operate outside the traditional financial system. The third is ensuring the effective spread of ransomware to as many users as possible. Fourthly, advanced attack techniques have allowed hackers to penetrate entire networks with ransomware and then traverse them using legitimate tools, effectively infecting hundreds of computers. The fifth and final factor is RaaS, which allows inexperienced hackers to purchase ransomware executables and distribute malware for RaaS creators (experienced hackers), thus earning them a percentage of the profits.

Finally, if you own a business, Mission Repair Centre believes that you should really take note of the following. Business email compromise (BEC) scams attempt to trick C-level executives into making large wire transfer payments. Bug-poaching attacks compromise corporate servers, stealing data and requesting a fee for information on how the attack was carried out. The Carbanak gang targets banks directly instead of bank customers.

Darius Romanek

Mission Repair Centre Team 🙂
