Ransomware in targeted attacks against businesses

Ransomware vs. business: Kaspersky Lab researchers have discovered an emerging and worrying trend. More and more digital criminals are turning their attention from attacks on individuals to targeted ransomware attacks on businesses.

At least eight groups of digital criminals involved in the development and distribution of encryption ransomware have been identified. The attacks have primarily hit financial institutions worldwide. Kaspersky Lab experts have recorded cases where ransom demands are estimated at more than half a million dollars.

The eight identified groups include PetrWrap's creators, who have attacked financial institutions worldwide, the notorious Mamba group, and six other unfamiliar groups targeting mainly corporate users. It is worth mentioning that these six groups were, until recently, involved in attacks primarily targeting individuals and using identical programs. They have now redirected their efforts to corporate networks. According to Kaspersky Lab researchers, the reason for this trend is clear: criminals believe that ransomware attacks against businesses offer the prospect of higher profits than mass attacks on individuals. A successful ransomware attack against a company can easily halt its normal operations for hours or even days, making the owners of the attacked companies more likely to pay the ransom.

More generally, the tactics, techniques and procedures used by these groups have several common elements. They infect the targeted organization with malicious software via vulnerable servers or phishing email. They then establish persistence in the victim's network and identify vulnerable corporate resources to encrypt. Finally, they demand a ransom in return for decryption. Apart from these similarities, some of the groups have their own distinctive features.

For example, the Mamba group uses its own malware, based on the open source software DiskCryptor. Once the attackers gain access to the network, they install the encryptor across it, using a legitimate remote control utility for Windows. This approach makes their actions appear less suspicious to the security staff of the target organization. Kaspersky Lab researchers have encountered cases where the ransom has reached up to one bitcoin (approximately $1,000 by the end of March 2017) per terminal decrypted.

Another unique example of the tools used in targeted ransomware attacks is PetrWrap. This group targets mainly large companies that have a large number of network nodes. The criminals carefully select targets for each attack, and an attack can last for some time: PetrWrap has persisted in a network for up to 6 months.

"We all need to know that the threat of targeted ransomware attacks on businesses is growing, leading to tangible financial losses. The trend is worrying, as ransomware operators have begun their 'crusade' for new and more lucrative victims. There are many more potential ransomware targets that circulate freely, with attacks having even more devastating consequences," said Anton Ivanov, Senior Security Researcher, Kaspersky Lab's Anti-Ransom.

To protect organizations from such attacks, Kaspersky Lab's security experts advise:

  • Make secure and timely backups of your data so that they can be used to restore original files after a data loss incident.
  • Use a security solution with behavior-based detection technologies. These technologies can "catch" malicious software, including ransomware, by observing how it operates on the attacked system, which makes it possible to detect new and even unknown ransomware samples.
  • Visit No More Ransom, a joint initiative to help victims of ransomware programs recover their encrypted data without having to pay criminals.
  • Check the installed software, not only at the endpoints, but also on all nodes and servers on the network and keep it up to date.
  • Perform a security assessment of the control network (i.e., a security audit, penetration testing, gap analysis) to identify and eliminate any security gaps. Review external and third-party security policies if those parties have direct access to the control network.
  • Request external information: information from trusted providers helps organizations anticipate future attacks against the company.
  • Educate your employees with special emphasis on operational and technical staff and raise awareness of recent threats and attacks.
  • Provide protection inside and outside the perimeter. A proper security strategy must devote significant resources to detecting and responding to attacks, so that an attack is blocked before it reaches critical items.

For more information on targeted ransomware attacks, read the blog post on the Securelist.com website.

Written by Dimitris