Share your valuable feedback, comments or suggestions on Ransomware
Ransomware
The cybercriminals nowadays reached the new level of maturity and menace and are organized. They are using malware which encrypts files and folders of hacked computer or server. Fearlessly they demand bitcoin as ransom, to release the system under their control and if not paid, would delete ransomed data.
Companies who refused to Pay Ransomware
According to information via Right-to-know request by a local reporter from TribLive, Pennsylvania Senate Democrats paid $703,697 to Microsoft to help rebuild IT systems and infrastructure after the March 2017 ransomware incident. On March 3, 2017, the organizations entire IT systems including web servers went down a the hands of un-revealed ransomware strain. The 28 bitcoins nearly $30,0000 were demanded to decrypt and unlock of ransomed data, which was declined by officials. Finally, they restored the data from backups and rebuilt the entire IT system from scratch.
Few more examples decided to rebuild the entire system instead of paying ransom like Atlanta city computers, the Colorado Department of Transportation which got hit twice by SamSam ransomware in February and March 2018. Similarly done Erie County Medical Center in Buffalo in 2017. The reason behind that was there was no guarantee of recovered data, and also anyway they have to rebuild the systems avoid future headaches. Also, the old systems would get exploited repeatedly until system administrators deploy proper fixes.
Is Ransomware Salient?
In 2017, the volume of Ransomware attacks grew by over 400%, which came drastically down in 2018. Possibly the cybercriminals moved to crypto jacking to mine cryptocurrency. Another reason that they have moved towards massive network-wide breaches by variants such as SamSam, BitPaymer, and Dharma over publicly exposed remote desktop services. That is why the Internet Crime Complaint Center (IC3) has released a security alert about attacks targeting exposed remote desktop services.
(September 28, 2018) The Internet Crime Complaint Center (IC3), in collaboration with the Department of Homeland Security and the FBI, issued a security alert regarding Remote Desktop Protocol (RDP) Attacks for corporate theft, installation of backdoors, or as a launching point for other attacks.
Protection
- Regularly backup data offline locally on some device or on the cloud.
- Keep Windows operating system updated with new releases and patches. The WannaCrypt was designed to exploit unpatched Windows 7, Windows Server 2008, and earlier version like WindowsXP.
- No More Ransom website launched collaboratively by Europol and Dutch National Police with cybersecurity companies like Kaspersky and McAfee. The site provides decryption tools for ransom variants.
- Install Security software like antivirus, which could effectively block the threat through spam and provides layers of protection. Harden network that decreases the exposure to the threat.
- Businesses should train employees of social engineering tactics used in spreading ransomware. Make them wary of emailed attachments and links, especially from untrusted senders.
- Researchers released a decryptor for WannaCryFake ransomware
Ransomware Targeting Hosting Companies
- May 2019, A2Hosting servers encrypted by a version of the GlobeImposter 2.0 ransomware strain.
- June 2017, South Korean web hosting firm Internet Nayana paid 1.3 billion won ($1.14 million) worth of bitcoins to a hacker following a ransomware incident.
- July 2019, iNSYNQ, a cloud computing provider of virtual desktop environments infected y a version of the MegaCortex ransomware.
- (November 10, 2019) SmarterASP.NET ASP.NET hosting provider infected by ransomware having more than 440,000 customers on Saturday, November 09, 2019. Hackers breached the network and encrypted data on customer servers. They have encrypted both files and backend databases and appended ‘.kjhbx' Extension. The company is struggling to decrypt the customer's data with the help of security experts.
Ransomware Victims
- Paradise ransomware sold as ransomware-as-a-service on the dark web locks the victim's network. It is delivered as a malicious zip attachment in phishing emails. The ransomware unpacks itself and encrypts files on the affected computer. It adds extensions which includes “.paradise”, “.2ksys19”, “.p3rf0rm4”, and “.FC”. It also deletes backups for maximum impact to pressurize victims to pay a bitcoin ransom as set by the individual attacker.
Since September 2017, this ransomware has caused trouble for victims. Researchers at cybersecurity company Emsisoft released a free decryption tool for Paradise. Victims now can get their files back without paying extortion bitcoins to the demands of cybercriminals to retrieve their data. - In June 2017, South Korean web hosting company paid a one million dollar ransom to cybercriminals. They fall victim to a Linux variant of the Erebus. A rare case as the vast majority of ransomware targets Windows.
Latest News
(November 19, 2019) Trustwave researchers discovered a malicious email spam campaign with the socially engineered message subject as ‘Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!'
It informs about ‘Critical Windows Update' using a file that purports to be in .jpg format but is a spoofed executable file and installs ‘Cyborg' Ransomware. Windows users mostly keep the system updated, thus the message lure victims into clicking malicious files.