Slashdot Mirror


Crypto Ransomware Attacks Have Jumped 500% In The Last Year (onthewire.io)

Kaspersky Lab is reporting that the last year saw a 500% increase in the number of users who encountered crypto ransomware. Trailrunner7 shares an article from On The Wire: Data compiled by Kaspersky researchers from the company's cloud network shows that from April 2015 to March 2016, the volume of crypto ransomware encountered by users leapt from 131,111 to 718,536. That's a massive increase, especially considering the fact that ransomware is a somewhat mature threat. It didn't just burst onto the scene a couple of years ago. Kaspersky's researchers said the spike in crypto ransomware can be attributed to a small group of variants. "Looking at the malware groups that were active in the period covered by this report, it appears that a rather short list of suspects is responsible for most of the trouble caused by crypto-ransomware..."

It's difficult to overstate how much of an effect the emergence of ransomware has had on consumers, enterprises, and the security industry itself. The FBI has been warning users about crypto ransomware for some time now, and has consistently advised victims not to pay any ransoms. Security researchers have been publishing decryption tools for specific ransomware variants and law enforcement agencies have had some success in taking down ransomware gangs.

Enterprise targets now account for 13% of ransomware attacks, with attackers typically charging tens of thousands of dollars, the article reports, and "Recent attacks on networks at the University of Calgary and Hollywood Presbyterian Medical Center have demonstrated the brutal effectiveness of this strategy."

7 of 36 comments

  1. So much fun... by __aaclcg7560 · Score: 4, Interesting

    My job got hit by an email-delivered virus that spread across the network and encrypted 200+ hard drives before being stopped. Fortunately, user profiles are stored on the network. Didn't take much time to deploy loaner laptops and re-image the desktops to get the users up and running again.

    1. Re:So much fun... by __aaclcg7560 · Score: 2

      Another satisfied Microsoft customer?

      I give thanks to Microsoft for my job security every day.

    2. Re:So much fun... by MightyMartian · Score: 2

      I've seen it infect shared drives. Anywhere anyone has read/write permissions, the trojan can do its dirty deeds. You need to have good backups at the very least. The one incident I saw a few months ago managed to get through quite a few files on a couple of shares, but the only loss was a few documents as the nightly backup was up to date.

      Mind you, the real trick can be figuring out which workstation has been infected. While some organizations may be able to reimage everything, for some, they don't have that capacity.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
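
An added example, not part of the thread or the article: one way to approach the problem raised in the comment above, finding which workstation is encrypting a share, by ranking clients by how many distinct files they modify within a short window of file-server audit records. The record layout, host names, paths, window and threshold are constructed assumptions, not any product's log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: time, client workstation, operation, path.
# This layout is an assumption for the example, not a real product's format.
SAMPLE = """\
2016-06-25T09:00:01 WS-014 WRITE /shares/admin/budget.xlsx
2016-06-25T09:03:10 WS-031 READ /shares/admin/minutes.docx
2016-06-25T09:05:00 WS-027 WRITE /shares/admin/minutes.docx
2016-06-25T09:05:02 WS-027 RENAME /shares/admin/roster.xlsx
2016-06-25T09:05:04 WS-027 WRITE /shares/admin/plan.pdf
2016-06-25T09:05:07 WS-027 WRITE /shares/admin/grades.csv
2016-06-25T09:05:09 WS-027 RENAME /shares/admin/letter.docx
2016-06-25T09:05:12 WS-027 WRITE /shares/admin/photo.jpg
2016-06-25T09:07:30 WS-014 WRITE /shares/admin/budget.xlsx
"""

# Only operations that change a file count; reads are ignored.
MODIFYING = {"WRITE", "RENAME"}


def find_suspects(text, window=timedelta(seconds=60), threshold=5):
    """Return {host: peak distinct files modified inside any one window}
    for hosts whose peak reaches the threshold."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, op, path = line.split(" ", 3)  # path may contain spaces
        if op in MODIFYING:
            events.append((datetime.fromisoformat(ts), host, path))
    events.sort()  # audit records are not guaranteed to arrive in order

    recent = defaultdict(deque)  # host -> (time, path) pairs still in window
    peak = defaultdict(int)      # host -> highest distinct-file count seen
    for when, host, path in events:
        q = recent[host]
        q.append((when, path))
        while when - q[0][0] > window:  # drop events older than the window
            q.popleft()
        peak[host] = max(peak[host], len({p for _, p in q}))
    return {h: n for h, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for host, count in find_suspects(SAMPLE).items():
        print(f"{host}: {count} distinct files modified within 60s")
```

The window and threshold need tuning against normal activity on the share, such as bulk saves or sync clients.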
    3. Re:So much fun... by geekmux · Score: 2

      I've seen it infect shared drives. Anywhere anyone has read/write permissions, the trojan can do its dirty deeds. You need to have good backups at the very least. The one incident I saw a few months ago managed to get through quite a few files on a couple of shares, but the only loss was a few documents as the nightly backup was up to date.

      Mind you, the real trick can be figuring out which workstation has been infected. While some organizations may be able to reimage everything, for some, they don't have that capacity.

      You need to have good offline backups.

      That means spooling your backup data to a medium that is then taken offline. No tapes left in the drives. No backup shares left online after the job completes. No pure reliance upon shadow copies or VM snapshots.

      Yes, ransomware is becoming that nefarious.

  2. Which is why you need some good storage by Sycraft-fu · Score: 2

    If you are doing IT for an enterprise, get stats like this to go to management and show them why you need storage with snapshots and backups to alternate storage. Ya it costs to get a good setup, and it takes some IT time to administer, but all it takes is one of these and it has paid for itself.

    We got hit with cryptolocker back in the day, the Dean opened it and it proceeded to go and encrypt the entire administration share he had access to. However we didn't pay shit, I went in to the management console, rolled back to an earlier snapshot, and we were good. Minimal disruption. Even had it somehow been able to blast the snapshots (users don't have write access to them so I can't see a way) we could have pulled data from tape that was at most a couple days old.

    There's other reasons to do this too, of course, but this is a big one that is very visible these days, and so worth it.

  3. Re:Duh by gweihir · Score: 3, Insightful

    Law enforcement is busy fighting non-existent terrorists. Of course they cannot do anything about actually dangerous malware.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

  4. Congress and FBI to the rescue!! by Lost+Race · Score: 2

    Fortunately, by next year all encryption algorithms will be required by law to have back doors for law enforcement, so if you get hit by one of these crypto ransomware attacks you can just go to the nearest police station and get your files decrypted.