Slashdot Mirror


Crypto Ransomware Attacks Have Jumped 500% In The Last Year (onthewire.io)

Kaspersky Lab is reporting that the last year saw a 500% increase in the number of users who encountered crypto ransomware. Trailrunner7 shares an article from On The Wire: Data compiled by Kaspersky researchers from the company's cloud network shows that from April 2015 to March 2016, the volume of crypto ransomware encountered by users leapt from 131,111 to 718,536. That's a massive increase, especially considering the fact that ransomware is a somewhat mature threat. It didn't just burst onto the scene a couple of years ago. Kaspersky's researchers said the spike in crypto ransomware can be attributed to a small group of variants. "Looking at the malware groups that were active in the period covered by this report, it appears that a rather short list of suspects is responsible for most of the trouble caused by crypto-ransomware..."

It's difficult to overstate how much of an effect the emergence of ransomware has had on consumers, enterprises, and the security industry itself. The FBI has been warning users about crypto ransomware for some time now, and has consistently advised victims not to pay any ransoms. Security researchers have been publishing decryption tools for specific ransomware variants and law enforcement agencies have had some success in taking down ransomware gangs.

Enterprise targets now account for 13% of ransomware attacks, with attackers typically charging tens of thousands of dollars, the article reports, and "Recent attacks on networks at the University of Calgary and Hollywood Presbyterian Medical Center have demonstrated the brutal effectiveness of this strategy."

36 comments

  1. So much fun... by __aaclcg7560 · · Score: 4, Interesting

    My job got hit by an email-delivered virus that spread across the network and encrypted 200+ hard drives before being stopped. Fortunately, user profiles are stored on the network. Didn't take much time to deploy loaner laptops and re-image the desktops to get the users up and running again.

    1. Re:So much fun... by Anonymous Coward · · Score: 1

      My job got hit by an email-delivered virus that spread across the network and encrypted 200+ hard drives before being stopped. Fortunately, user profiles are stored on the network. Didn't take much time to deploy loaner laptops and re-image the desktops to get the users up and running again.

      Another satisfied Microsoft customer?

    2. Re:So much fun... by __aaclcg7560 · · Score: 2

      Another satisfied Microsoft customer?

      I give thanks to Microsoft for my job security every day.

    3. Re:So much fun... by MightyMartian · · Score: 2

      I've seen it infect shared drives. Anywhere anyone has read/write permissions, the trojan can do its dirty deeds. You need to have good backups at the very least. The one incident I saw a few months ago managed to get through quite a few files on a couple of shares, but the only loss was a few documents as the nightly backup was up to date.

      Mind you, the real trick can be figuring out which workstation has been infected. While some organizations may be able to reimage everything, for some, they don't have that capacity.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
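
One way to approach the problem raised in the comment above (working out which workstation is rewriting a share), as an added example that is not part of the thread. It assumes the file server can export per-client audit events; the `time|client|op|path|new_path` line format, the host names, the window and the threshold are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import os

WINDOW = timedelta(seconds=60)   # sliding window per client
MAX_FILES = 20                   # distinct files touched per window before flagging (assumed threshold)

def build_sample_log():
    """Constructed audit lines in the assumed format time|client|op|path|new_path."""
    t0 = datetime(2016, 6, 25, 9, 0, 0)
    lines = [f"{t0.isoformat()}|WS-014|WRITE|/admin/budget.xlsx|",
             f"{(t0 + timedelta(seconds=40)).isoformat()}|WS-031|RENAME|/admin/draft.doc|/admin/final.doc"]
    for i in range(30):          # one client rewriting and renaming a file every second
        ts = (t0 + timedelta(seconds=60 + i)).isoformat()
        lines.append(f"{ts}|WS-022|WRITE|/admin/report{i}.docx|")
        lines.append(f"{ts}|WS-022|RENAME|/admin/report{i}.docx|/admin/report{i}.docx.xyz")
    return lines

def suspect_clients(lines, window=WINDOW, max_files=MAX_FILES):
    """Return {client: stats} for clients that modify too many distinct files per window."""
    recent = defaultdict(deque)  # client -> (time, path) events still inside the window
    stats = defaultdict(lambda: {"peak_files": 0, "ext_changes": 0, "first_seen": None})
    for line in lines:
        ts, client, op, path, new_path = line.rstrip("\n").split("|")
        if op not in ("WRITE", "RENAME", "DELETE"):
            continue             # reads do not damage data
        when = datetime.fromisoformat(ts)
        q, s = recent[client], stats[client]
        q.append((when, path))
        while q and when - q[0][0] > window:   # drop events older than the window
            q.popleft()
        s["peak_files"] = max(s["peak_files"], len({p for _, p in q}))
        s["first_seen"] = s["first_seen"] or when   # start of the timeline for this client
        # A rename that changes the file extension is a common sign of bulk encryption.
        if op == "RENAME" and os.path.splitext(path)[1] != os.path.splitext(new_path)[1]:
            s["ext_changes"] += 1
    return {c: s for c, s in stats.items() if s["peak_files"] > max_files}

if __name__ == "__main__":
    for client, s in suspect_clients(build_sample_log()).items():
        print(client, s)
```

The `first_seen` value also gives the earliest point from which files on the share need to be restored from backup.
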
    4. Re:So much fun... by geekmux · · Score: 2

      I've seen it infect shared drives. Anywhere anyone has read/write permissions, the trojan can do its dirty deeds. You need to have good backups at the very least. The one incident I saw a few months ago managed to get through quite a few files on a couple of shares, but the only loss was a few documents as the nightly backup was up to date.

      Mind you, the real trick can be figuring out which workstation has been infected. While some organizations may be able to reimage everything, for some, they don't have that capacity.

      You need to have good offline backups.

      That means spooling your backup data to a medium that is then taken offline. No tapes left in the drives. No backup shares left online after the job completes. No pure reliance upon shadow copies or VM snapshots.

      Yes, ransomware is becoming that nefarious.

    5. Re:So much fun... by Anonymous Coward · · Score: 0

      Holy fuck you're awesome and your stories are pulse-pounding and pure excitement!

      Not nearly so exciting as a great big niggerdick!

    6. Re:So much fun... by wbr1 · · Score: 1

      You need to have good offline backups.

      That means spooling your backup data to a medium that is then taken offline. No tapes left in the drives. No backup shares left online after the job completes. No pure reliance upon shadow copies or VM snapshots.

      Yes, ransomware is becoming that nefarious.

      Wrong. Online backups are fine, as long as they are versioned and not RW visible to the malware via share/map/nfs/smb etc. This effectively makes the backup offline -to the virus-, but can speed recovery time. We use MAX Backup from LogicNow, and it is great. On servers, we even install a virtual drive mount of the backups. Quick access to accidental deletes and such on the mounted virtual drive, but it is read-only, so malware run-amok cannot do anything to this backup.

      --
      Silence is a state of mime.
    7. Re:So much fun... by tlhIngan · · Score: 1

      Well, one of the biggest things that happened was activating Volume Shadow Services, aka Previous Versions. Every 4 hours, a snapshot of the shares is taken, so you can go back several weeks.

      Saved my ass several times thanks to finger slips (who puts "Delete" right next to "Rename"?) and the damned Delete shortcut which deletes an entire tree rather than the file. Just load up the last snapshot and restore from that.

      Online services like this are fine provided the malware can't get access to delete rights to the snapshots. And stuff like Apple's Time Machine goes through interesting permission machinations to ensure that the backup program can make snapshots, but that normal users or even root can't touch them.

    8. Re:So much fun... by Anonymous Coward · · Score: 0

      I've seen Macs hit with ransomware too with even worse results since those shops didn't have shit for security. If you have people that actually know wtf they're doing Windows or Macs can be made ransomware resistant. It's not that hard. We have almost 3K computers and have had no problems. We use a multi-layered security model.

    9. Re: So much fun... by Anonymous Coward · · Score: 0

      The crypto virus we got deactivated the shadow copies and disabled the service. Always do backups...

  2. Which is why you need some good storage by Sycraft-fu · · Score: 2

    If you are doing IT for an enterprise, get stats like this to go to management and show them why you need storage with snapshots and backups to alternate storage. Ya it costs to get a good setup, and it takes some IT time to administer, but all it takes is one of these and it has paid for itself.

    We got hit with cryptolocker back in the day, the Dean opened it and it proceeded to go and encrypt the entire administration share he had access to. However we didn't pay shit, I went in to the management console, rolled back to an earlier snapshot, and we were good. Minimal disruption. Even had it somehow been able to blast the snapshots (users don't have write access to them so I can't see a way) we could have pulled data from tape that was at most a couple days old.

    There's other reasons to do this too, of course, but this is a big one that is very visible these days, and so worth it.

  3. Re:Trump 2016!!!1! by mark-t · · Score: 1, Offtopic

    Why?

    Why does nearly every single story on slashdot have to have some effing ignoramus making some entirely off-topic remark or rant about some aspect of US politics?

  4. Re:Trump 2016!!!1! by Calydor · · Score: 0

    Welcome to the internet.

    --
    -=This sig has nothing to do with my comment. Move along now=-
  5. Ransomware... by Anonymous Coward · · Score: 1

    would be better called Tax on Windows.

  6. Duh by Anonymous Coward · · Score: 0

    People are paying, law enforcement is worthless and unable to do anything. Of course they're going to do it more.

    1. Re:Duh by gweihir · · Score: 3, Insightful

      Law enforcement is busy fighting non-existent terrorists. Of course they cannot do anything about actually dangerous malware.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re: Duh by Anonymous Coward · · Score: 0

      Mod up. Pay the danegeld and they keep coming back for more risk-free loot.

  7. Re:Trump 2016!!!1! by gweihir · · Score: 0

    Too many idiots on this planet. The only real problem the human race has.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  8. Hunt Them Down by Anonymous Coward · · Score: 0

    Anonymous here, again. Six months ago I posted here that these animals need to be hunted down and killed. If they aren't discouraged and stopped, there's nothing to discourage them and those who follow.

    Otherwise, what? Some people can't take a hint.

    1. Re:Hunt Them Down by Anonymous Coward · · Score: 0

      "...need to be hunted down and killed..."

      There are many problems with this, not the least of which is this- It just doesn't work. These guys are socio/psychopaths; trying to discourage them only encourages them more.
      No, there is a medical solution: The Dicknose. Capture them, transplant their dicks to where their noses once were, and then just release them, naked, and preferably in a place where football hooligans hang out.
      "Hey! It's a Dicknose! Let's get him, boyz!" Football hooligans are so cute when it comes to visible penises.

      Remember Nixon? "Don't change Dicks in the middle of a screw, vote for Nixon in '72!" What with Watergate and all, Nixon's nose just grew and grew, until it got to be quite apparent- that wasn't his nose. He resigned in disgrace, and hid out for the rest of his life, ashamed, always having to pee with his head in the toilet. Even now, if you visit his grave, the scent of urine is overpowering; lingering comments from his detractors.

      Dicknoses live in ignominy. They can't even rub their noses in public without somebody claiming that they are rubbing one out. And how do they even smell? (Awful.)
      There will have to be new laws. Dicknoses can't purchase, own, repair, operate or even discuss anything more complicated than sliderules. Think of the Children! (And look at Michael Jackson- he thought of the Children so much his Dicknose actually pulled right off. Too much "Beat It"...)

      The problem with this is that it can prove too popular. First the Malware makers, then the entire Advertising industry, and then finally, they will come for... You. (Not me; I'm pure as the driven yellow snow.) Dicknoses will become so common that sporting one will no longer carry the stigma. Or smegma. So the next step is the Oral-Rectal transplant. Make one hole serve the needs of two. Again, public humiliation. But even that may not carry much further shame.
      Politicians. How could one tell?

  9. Re:Trump 2016!!!1! by rudy_wayne · · Score: 1

    I was going to vote for Trump until I read this.

  10. Congress and FBI to the rescue!! by Lost+Race · · Score: 2

    Fortunately, by next year all encryption algorithms will be required by law to have back doors for law enforcement, so if you get hit by one of these crypto ransomware attacks you can just go to the nearest police station and get your files decrypted.

    1. Re: Congress and FBI to the rescue!! by Anonymous Coward · · Score: 0

      Nice joke. But it requires criminals to obey the law. They already have copies of RSA so they aren't going to need anything new.

    2. Re: Congress and FBI to the rescue!! by Anonymous Coward · · Score: 0

      Nice joke. But it requires criminals to obey the law.

      Yeah, the FBI does not exactly have a brilliant track record in that respect. But you have to start somewhere, and those are criminals formally on the government payroll. If you manage to get them into compliance (FOIA requests anybody?), the other criminals might just fall in line.

  11. Thank you blockchain by Anonymous Coward · · Score: 1

    Isn't bitcoin wonderful.
    A world without cash - what could be better.

    1. Re: Thank you blockchain by Anonymous Coward · · Score: 0

      Winter is coming

  12. Re: Trump 2016!!!1! by Anonymous Coward · · Score: 0

    ^^^^^

    Totally changed my mind as well.

  14. last year was a shift from ransomware to crypto by bitflusher · · Score: 1

    In my work I have been encountering ransomware at client computers for some years now (fake police type mostly). The news about crypto ransomware has been flooding around longer but last year was when it popped up on my watch. This year it popped up more. Most got away ok with backups/cloud sync or it started encrypting files that were not that important. Only one has paid and reversed the encryption (before consulting me). This is not yet a flood but I suspect it will get worse and someone without backups will be encrypted and the price will be too high or the unencryption key will not be delivered.