Why You Must Make Ransomware a Security PriorityApril 3, 2017Categories: News. Tags: ransomware, root out ransomware, and Security.
Why You Must Make Ransomware a Security Priority
Security Priority : MALWARE THAT ENCRYPTS key data and demands a ransom for its release has emerged as a top threat to business, according to researchers at security firms Kaspersky Lab and FireEye. A report from Kaspersky Lab revealed that the first quarter of 2016 saw a spike in the use of so-called ransomware attacks, which researchers said could become the main problem of 2016.
According to Kaspersky Lab, the company’s database includes around 15,000 ransomware modifications, and the number continues to grow.
Of the 345,900 ransomware attacks blocked in the first quarter, the security firm said 17% targeted the corporate sector. The number of new pieces of mobile ransomware increased to 2,895, up 46% compared with the previous quarter. One of the most widespread attacks in the first quarter of the year was Locky, which Kaspersky Lab detected in 114 countries.
The top three ransomware families were Teslacrypt (58%), CTB-Locker (24%) and Cryptowall (3%), which all spread mainly through spam email with malicious attachments or links to infected webpages.
TECHNOLOGICAL INNOVATION IN RANSOMWARE
A ransomware called Petya was interesting from a technical perspective, the Kaspersky Labs report noted. Petya can not only encrypt data stored on the computer, but can overwrite the hard disk drive’s master boot record, leaving infected computers unable to boot into the operating system. This represents significant technological innovation in ransomware, the researchers said.
“One of the reasons why ransomware has become so popular lies in the simplicity of the business model used by cyber-criminals,” said Aleks Gostev, chief security expert in Kaspersky Lab’s Global Research and Analysis team.
“Once the ransomware gets into the user’s system, there is almost no chance of getting rid of it without losing personal data. The demand to pay the ransom in Bitcoins makes the payment process anonymous and almost untraceable, which is very attractive to fraudsters.” he said.
“Once ransomware gets into the users’ system, there is almost no chance of getting rid of it without losing personal data.” —ALEKS GOSTEV
RANSOMWARE TRENDS, THREATS
Another reason for the rise in ransomware attacks, according to Kaspersky Lab, is that those they target believe the threat is unbeatable.
“Businesses and individuals are unaware of the technological countermeasures that can help to prevent infection and files being locked up. By ignoring basic IT security rules, they allow cyber-criminals to profit.” Gostev said.
A threatening trend, Gostev said, is the ransomware-as-a-service business model, where cyber-criminals pay a fee for the propagation of malware or promise a percentage of the ransom an infected user pays, making it easier than ever to carry out this type of attack.
Kaspersky Lab researchers said there are also services that work the other way round, offering a complete set of tools to the encrypter, who takes responsibility for distributing the Trojan and takes 10% of the ransom as commission.
The Kaspersky researchers also reported instances of well-known Chinese and other attack groups using ransomware. “If these incidents become a trend, the threat will move to a new level because the damage caused by ransomware is not much different from that caused by Wiper-type Trojans. In both cases, user data becomes inaccessible.” the report said.
Another worrying trend, the Kaspersky Lab researchers said, is that ransomware Trojans are expanding their sphere of activity, with CTB-Locker targeting web servers.
RISE OF RANSOMWARE
According to the data gathered by FireEye, the upward spiral of ransomware began accelerating in the second half of 2015.
The development of families with new anti-detection or encryption methods suggests enough victims are paying consistently enough to motivate cyber-criminals to constantly improve their malicious code, FireEye researchers said.
“The threat landscape is changing every day, and organizations need to seek any advantage they can find to try and stay one step ahead of the attackers,” said Richard Turner, regional president at FireEye. “The evidence highlighted in this report demonstrates that geopolitical, financial and economic changes happening in the region are increasingly mirrored in the cyber-security world.”
It’s critical that all organizations prepare now for the reality of ransomware. They need to secure their systems wherever possible and know what to do in the event of a breach. As Turner noted, organizations “are only as strong as their ability to adapt.”. —[IRS]
Successfully defending your organization against ransomware attack takes preparation and an understanding of what to look for if an attack begins.