Figures from Kasperky Lab’s threat report for Q3 2018 say that WannaCry tops the list of the most widespread cryptor families, with attempted attacks against 74,621 of the security firm’s users across the globe between July and September. However, researchers do note that the overall numbers for ransomware this year are lower than they were for 2017, so Wannacry attacks were a bigger slice of a smaller pie.
Read more about the findings of the new Kaspersky report on ZDNet.
Some of the most potent forms of ransomware of 2018 are being offered for sale in a cut-price bundle deal on the dark web that also contains one of the most dangerous forms of file-encrypting malware to terrorise organisations this year. SamSam is part of the 23 ransomware bundle — significant because previously it’s only been deployed by a highly specialised group.
Other well-known forms of ransomware available in the $750 ‘2018 ransomware pack’ include Magniber, Satan, CryBrazil, XiaoBa, and more. The pack has been uncovered by researchers at cyber security firm Sixgill who describe it as an “extraordinarily rare finding”. The package is a grim reminder of just how easy it is for crooks to get hold of state-of-the-art malware to start their campaigns against businesses and consumers.
Read more about the massive ransomware bundle on ZDNet.
Bitdefender believes the criminal group behind the GandCrab ransomware has lost an estimated $1 million in ransom payments after the company released a free decryption utility for GandCrab victims last week.
The Romanian antivirus maker says that at least 1,700 GandCrab victims were able to successfully decrypt GandCrab-locked files within hours after the tool’s release. Most of these users were located in South Korea, China, India, and the US, according to statistics released by the company.
Read more about the success of the free GandCrab decrypter on ZDNet.
The group behind the disruptive SamSam ransomware has attacked 67 different organizations in 2018, nearly a quarter of which were health care organizations, new research shows. SamSam, which is deployed in a more targeted way than other ransomware, hobbled Atlanta’s municipal agencies in March, and reportedly struck medical-testing giant LabCorp in July.
Cybersecurity company Symantec has released data showing that of the 67 organizations targeted by the SamSam group in the last 10 months, more than 80 percent are based in the United States. “SamSam continues to pose a grave threat to organizations in the U.S.,” a Symantec blog post states. “The group is skilled and resourceful, capable of using tactics and tools more commonly seen in espionage attacks.”
Read more about the SamSam ransomware campaigns on CyberScoop.
The Kraken Cryptor ransomware has been spotted in the Fallout Exploit Kit, resurfacing an old threat and hinting at the future of ransomware-as-a-service (RaaS).
Kraken has had a “notable development path” over the past few months, report experts from McAfee’s Advanced Threat Research team and Recorded Future’s Insikt group, who collaborated on this analysis. Kraken’s presence strengthened toward the end of September, when a security researcher found it bundled in the Fallout Exploit Kit, which is known for deploying Gandcrab ransomware.
Read more about Kraken’s recent ‘development path’ on DarkReading.
There are two types of organizations: those that have been compromised and know it, and those that have been compromised and don’t know it. That (and the anxiety of whether data is being stolen or changed) keeps CIOs awake at night. As recent ransomware attacks are making news globally for their mounting costs, it’s obvious that once they’ve been hacked, these organizations discover there are deeper problems in their infrastructure or security hygiene that ransomware has exploited.
Avoiding ransomware problems boils down to three basic approaches that apply in general to both private and public sector organizations: good cyber hygiene and user training, best practices, and routine testing of backup and recovery plans.
Read more about how to reduce the threat of ransomware on DarkReading.
The No More Ransom project released today an updated and more potent decryption tool for the GandCrab ransomware in what Europol has described as the “latest victory of law enforcement in the battle against ransomware.”
In the past, security threats typically involved scraping information from systems that attackers could use for other crimes such as identity theft.
Now, cybercriminals have proceeded to directly demanding money from victims by holding their devices—and data—hostage. This type of malware attack in which data is encrypted (or claimed to be) and victims are prompted to pay for the key to restore access, called ransomware, has grown rapidly since 2013.
Read everything you need to know about ransomware on TechRepublic.
A “critical water utility” has been targeted in a recent ransomware attack, significantly impeding its ability to provide service in the week after Hurricane Florence hit the East Coast of the U.S.
The Onslow Water and Sewer Authority (ONWASA) said that a “sophisticated ransomware attack… has left the utility with limited computer capabilities.” While customer data was not compromised as part of the attack, the lack of computing ability will impact the timeliness of service from ONWASA “for several weeks to come.”
Read more about the ONWASA ransomware attack on Threatpost.
A new report looking at the behavior, market conduct and outcomes of ransomware attacks, suggests that there is not only honor among cyber thieves, but that the ransomware market is becoming efficient, even automated. The report by Coveware sheds light on this frequent scourge in the cyber risk landscape, which has moved “down market” as larger and more valuable targets harden their virtual defenses.
The world of cyber threats is not only misunderstood, it is woefully under-reported because of the twin stigma victims carry. The first being the potential embarrassment and business backlash of having to report compromised systems or a breach of privacy. The second being the misunderstanding that paying a cyber ransom or extortion fee may itself be illicit, which it is not.
Read more about the findings of the new Coveware report on Forbes.