Targeted Ransomware Attacks Are Focusing On Business

More and more cyber criminals are turning their attention from attacks against private users to targeted ransomware attacks against businesses, according to researchers at Kaspersky Lab.

At least eight groups of cyber criminals involved in encryption ransomware development and distribution have been identified.

The attacks have primarily hit financial organisations worldwide. Kaspersky Lab’s experts have encountered cases where payment demands amounted to over half a million dollars.

The eight identified groups include PetrWrap authors, who have attacked financial organizations worldwide, the infamous Mamba group, and six unnamed groups also targeting corporate users.

It is worth noting that these six groups were previously involved in attacks targeting mostly private users and used affiliate program models. Now, they have refocused their efforts on corporate networks. According to Kaspersky Lab’s researchers, the reason for the trend is clear, criminals consider targeted ransomware attacks against businesses potentially more profitable than mass attacks against private users.

A successful ransomware attack against a company can easily stop its business processes for hours or even days, making owners of affected companies more likely to pay the ransom.

In general, the tactics, techniques and procedures used by these groups are very similar. They infect the targeted organisation with malware through vulnerable servers or spear phishing emails.

Then they establish persistence in the victim’s network and identify the valuable corporate resources to encrypt, subsequently demanding a ransom in exchange for decryption. In addition to their similarities, some groups have their own unique features.

For instance, the Mamba group uses its own encryptor malware, based on the open source software DiskCryptor. Once the attackers gain a foothold in the network, they install the encryptor across it, using a legal utility for Windows remote control.

This approach makes the actions less suspicious for security officers of the targeted organization. Kaspersky Lab’s researchers have encountered cases where the ransom amounted up to one bitcoin (around $1,000 to the end of March 2017) per one endpoint decryption.

Another unique example of tools used in targeted ransomware attacks comes from PetrWrap. This group mainly targets major companies that have a large number of network nodes. The criminals carefully select targets for each attack that can last for some time: PetrWrap has been persistent in a network for up to 6 months.

“We should all be aware that the threat of targeted ransomware attacks on businesses is rising, bringing tangible financial losses. The trend is alarming as ransomware actors start their crusade for new and more profitable victims. There are many more potential ransomware targets in the wild, with attacks resulting in even more disastrous consequences,” said Anton Ivanov, Senior Security Researcher, Anti-Ransom, Kaspersky Lab.

CFO Innovation

You Might Also Read: 

Stop Data Breaches, Start With Databases:

Would Killing Bitcoin End Ransomware?:

Turn Threat Data Into Threat Intelligence:

 

 

« Luxembourg: A Prime Target For Cyber Attack
A Geneva Convention For Cyber War »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Landry Consulting

Landry Consulting

Landry & Associates is a multidisciplinary firm specializing in risk management, performance and technology management.

NuHarbor Security

NuHarbor Security

NuHarbor is a leading information security consulting and advisory firm specializing in Information Security, Compliance, and Risk Management.

TrustArc

TrustArc

TrustArc provide privacy compliance and risk management with integrated technology, consulting and TRUSTe certification solutions – addressing all phases of privacy program management.

Nuvias Group

Nuvias Group

Nuvias Group is a specialist value-addedd IT distribution company offering a service-led and solution-rich proposition ready for the new world of technology supply.

Decision Group

Decision Group

Decision Group are a Total Solution Supplier offering Network Forensics and Lawful Interception tools.

Careerjet

Careerjet

Careerjet is a leading online job search engine with a large presence worldwide, sourcing millions of job ads from thousands of websites from all over the world in areas including Cybersecurity.

ICS Cyber Security Conference

ICS Cyber Security Conference

SecurityWeek’s Industrial Control Systems (ICS) Cyber Security Conference is the largest and longest-running event series focused on industrial cybersecurity.

S2T

S2T

S2T builds cyber intelligence solutions based on deep expertise in diverse domains such as intelligence, machine learning and AI, big data processing, statistics and linguistics.

Secberus

Secberus

SECBERUS creates cloud security technology to help organizations stay secure & compliant in the public cloud.

SOFTwarfare

SOFTwarfare

SOFTwarfare deliver high-quality, reliable and secure enterprise application integrations through RESTful APIs for Cyber, Ops & Dev.

Calyptix Security

Calyptix Security

Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology.

INVISUS

INVISUS

INVISUS protects businesses against the latest cyber risks – including business and employee identity theft, data breaches, and cybersecurity compliance.

Digital Pathways

Digital Pathways

Digital Pathways is an award-winning data security provider that helps businesses protect their digital assets.

Nanitor

Nanitor

Nanitor is a powerful cybersecurity management platform focusing on hardening security fundamentals across your global IT infrastructure.

Apollo Information Systems

Apollo Information Systems

Apollo is a value-added reseller that provides our clients with the complete set of cybersecurity and networking services and solutions.

Securance Consulting

Securance Consulting

Since 2002, Securance has empowered enterprises to assume proactive security, compliance, and risk management strategies.