Targeted Ransomware Attacks Are Focusing On Business

Uploaded on 2017-04-24 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

More and more cyber criminals are turning their attention from attacks against private users to targeted ransomware attacks against businesses, according to researchers at Kaspersky Lab.

At least eight groups of cyber criminals involved in encryption ransomware development and distribution have been identified.

The attacks have primarily hit financial organisations worldwide. Kaspersky Lab’s experts have encountered cases where payment demands amounted to over half a million dollars.

The eight identified groups include PetrWrap authors, who have attacked financial organizations worldwide, the infamous Mamba group, and six unnamed groups also targeting corporate users.

It is worth noting that these six groups were previously involved in attacks targeting mostly private users and used affiliate program models. Now, they have refocused their efforts on corporate networks. According to Kaspersky Lab’s researchers, the reason for the trend is clear, criminals consider targeted ransomware attacks against businesses potentially more profitable than mass attacks against private users.

A successful ransomware attack against a company can easily stop its business processes for hours or even days, making owners of affected companies more likely to pay the ransom.

In general, the tactics, techniques and procedures used by these groups are very similar. They infect the targeted organisation with malware through vulnerable servers or spear phishing emails.

Then they establish persistence in the victim’s network and identify the valuable corporate resources to encrypt, subsequently demanding a ransom in exchange for decryption. In addition to their similarities, some groups have their own unique features.

For instance, the Mamba group uses its own encryptor malware, based on the open source software DiskCryptor. Once the attackers gain a foothold in the network, they install the encryptor across it, using a legal utility for Windows remote control.

This approach makes the actions less suspicious for security officers of the targeted organization. Kaspersky Lab’s researchers have encountered cases where the ransom amounted up to one bitcoin (around $1,000 to the end of March 2017) per one endpoint decryption.

Another unique example of tools used in targeted ransomware attacks comes from PetrWrap. This group mainly targets major companies that have a large number of network nodes. The criminals carefully select targets for each attack that can last for some time: PetrWrap has been persistent in a network for up to 6 months.

“We should all be aware that the threat of targeted ransomware attacks on businesses is rising, bringing tangible financial losses. The trend is alarming as ransomware actors start their crusade for new and more profitable victims. There are many more potential ransomware targets in the wild, with attacks resulting in even more disastrous consequences,” said Anton Ivanov, Senior Security Researcher, Anti-Ransom, Kaspersky Lab.

CFO Innovation

You Might Also Read: 

Stop Data Breaches, Start With Databases:

Would Killing Bitcoin End Ransomware?:

Turn Threat Data Into Threat Intelligence:

 

 

« Luxembourg: A Prime Target For Cyber Attack
A Geneva Convention For Cyber War »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

SiteGuarding

SiteGuarding

SiteGuarding provide website security tools and services to protect your website against malware and hacker exploits.

CERT.LV

CERT.LV

CERT.LV is the national Computer Emergency Response Team for Latvia.

Haystax Technology

Haystax Technology

Haystax’s security analytics platform applies artificial intelligence techniques to identify and prioritize threats in real time.

CynergisTek

CynergisTek

CynergisTek is a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry.

Panorays

Panorays

Panorays automates third-party security lifecycle management. It is a SaaS-based platform, with no installation needed.

Granted Consultancy

Granted Consultancy

Granted Consultancy is a business consultancy that specialises in securing funding to support companies with the development and commercialisation of new and innovative products and technologies.

ColorTokens

ColorTokens

ColorTokens Xtended ZeroTrust Platform protects from the inside out with unified visibility, micro-segmentation, zero-trust network access, cloud workload and endpoint protection.

VectorUSA

VectorUSA

VectorUSA is a premier technology solution provider. We design, build and maintain cybersecurity, data center, wireless and managed solutions – transforming business needs into technology solutions.

Wiz

Wiz

Wiz - the first cloud visibility solution for enterprise security: A 360° view of security risks across clouds, containers and workloads.

Fortified Health Security

Fortified Health Security

Fortified’s team of cybersecurity specialists is dedicated to helping healthcare providers, payers and business associates protect their patient data across the Fortified Healthcare Ecosystem.

PlexTrac

PlexTrac

PlexTrac is a cybersecurity reporting and workflow management platform that supercharges security programs, making them more effective, efficient, and proactive.

Guardey

Guardey

Guardey protects thousands of SME's environments. Whether your team works at the office, at home, at the customer or remotely. We protect your business. We do this in an accessible and affordable way.

American Technology Services (ATS)

American Technology Services (ATS)

American Technology Services provides unparalleled services in information technology to support small and mid-sized business. From top-level strategy, to managed services and infrastructure support.

DEKRA

DEKRA

DEKRA’s promise is to ensure the safety of human interaction with technology and the environment.

US Department of State - Bureau of Cyberspace & Digital Policy

US Department of State - Bureau of Cyberspace & Digital Policy

The Bureau of Cyberspace and Digital Policy leads and coordinates the Department’s work on cyberspace and digital diplomacy to encourage responsible state behavior in cyberspace.

BioID

BioID

BioID are a German company offering deepfake detection, liveness detection, facial authentication & identity verification as a Service.