Targeted Ransomware Attacks Are Focusing On Business

More and more cyber criminals are turning their attention from attacks against private users to targeted ransomware attacks against businesses, according to researchers at Kaspersky Lab.

At least eight groups of cyber criminals involved in encryption ransomware development and distribution have been identified.

The attacks have primarily hit financial organisations worldwide. Kaspersky Lab’s experts have encountered cases where payment demands amounted to over half a million dollars.

The eight identified groups include PetrWrap authors, who have attacked financial organizations worldwide, the infamous Mamba group, and six unnamed groups also targeting corporate users.

It is worth noting that these six groups were previously involved in attacks targeting mostly private users and used affiliate program models. Now, they have refocused their efforts on corporate networks. According to Kaspersky Lab’s researchers, the reason for the trend is clear: criminals consider targeted ransomware attacks against businesses potentially more profitable than mass attacks against private users.

A successful ransomware attack against a company can easily stop its business processes for hours or even days, making owners of affected companies more likely to pay the ransom.

In general, the tactics, techniques and procedures used by these groups are very similar. They infect the targeted organisation with malware through vulnerable servers or spear phishing emails.

Then they establish persistence in the victim’s network and identify the valuable corporate resources to encrypt, subsequently demanding a ransom in exchange for decryption. In addition to their similarities, some groups have their own unique features.

For instance, the Mamba group uses its own encryptor malware, based on the open source software DiskCryptor. Once the attackers gain a foothold in the network, they install the encryptor across it, using a legitimate Windows remote control utility.

This approach makes the actions look less suspicious to security officers of the targeted organization. Kaspersky Lab’s researchers have encountered cases where the ransom amounted to up to one bitcoin (around $1,000 at the end of March 2017) per endpoint decrypted.

Another unique example of tools used in targeted ransomware attacks comes from PetrWrap. This group mainly targets major companies that have a large number of network nodes. The criminals carefully select targets for each attack, which can last for some time: PetrWrap has persisted in a network for up to 6 months.

“We should all be aware that the threat of targeted ransomware attacks on businesses is rising, bringing tangible financial losses. The trend is alarming as ransomware actors start their crusade for new and more profitable victims. There are many more potential ransomware targets in the wild, with attacks resulting in even more disastrous consequences,” said Anton Ivanov, Senior Security Researcher, Anti-Ransom, Kaspersky Lab.

CFO Innovation
