Targeted Ransomware Attacks Are Focusing On Business

More and more cyber criminals are turning their attention from attacks against private users to targeted ransomware attacks against businesses, according to researchers at Kaspersky Lab.

At least eight groups of cyber criminals involved in encryption ransomware development and distribution have been identified.

The attacks have primarily hit financial organisations worldwide. Kaspersky Lab’s experts have encountered cases where payment demands amounted to over half a million dollars.

The eight identified groups include PetrWrap authors, who have attacked financial organizations worldwide, the infamous Mamba group, and six unnamed groups also targeting corporate users.

It is worth noting that these six groups were previously involved in attacks targeting mostly private users and used affiliate program models. Now, they have refocused their efforts on corporate networks. According to Kaspersky Lab’s researchers, the reason for the trend is clear: criminals consider targeted ransomware attacks against businesses potentially more profitable than mass attacks against private users.

A successful ransomware attack against a company can easily stop its business processes for hours or even days, making owners of affected companies more likely to pay the ransom.

In general, the tactics, techniques and procedures used by these groups are very similar. They infect the targeted organisation with malware through vulnerable servers or spear phishing emails.

Then they establish persistence in the victim’s network and identify the valuable corporate resources to encrypt, subsequently demanding a ransom in exchange for decryption. In addition to their similarities, some groups have their own unique features.

For instance, the Mamba group uses its own encryptor malware, based on the open source software DiskCryptor. Once the attackers gain a foothold in the network, they install the encryptor across it, using a legitimate Windows remote-control utility.

This approach makes the actions less suspicious to security officers of the targeted organization. Kaspersky Lab’s researchers have encountered cases where the ransom amounted to up to one bitcoin (around $1,000 as of the end of March 2017) per endpoint decrypted.

Another unique example of tools used in targeted ransomware attacks comes from PetrWrap. This group mainly targets major companies that have a large number of network nodes. The criminals carefully select targets for each attack, which can last for some time: PetrWrap has remained persistent in a network for up to 6 months.

“We should all be aware that the threat of targeted ransomware attacks on businesses is rising, bringing tangible financial losses. The trend is alarming as ransomware actors start their crusade for new and more profitable victims. There are many more potential ransomware targets in the wild, with attacks resulting in even more disastrous consequences,” said Anton Ivanov, Senior Security Researcher, Anti-Ransom, Kaspersky Lab.

CFO Innovation
