A long-known ransom Trojan has added new tactics and a new talent, according to research released by Kaspersky Labs. The Trojan-Ransom.Win32.Rakhni family has been around since 2013, but a new variant does a search of files on the victim’s system and decides whether to launch ransomware — or simply use the computer to mine cryptocurrency.
Researchers identified a new variant of the remote execution downloader that queries the victim’s system on a number of factors, from the existence of Bitcoin storage to the presence of certain virtual machine managers, before deciding which attack to launch.
Read more about the new variant of the Trojan-Ransom.Win32.Rakhni family on DarkReading.
Last year, high-profile incidents like the WannaCry ransomware outbreak made file-encrypting malware internet enemy number one. But as 2017 went on, the impact of ransomware dwindled and detections of long-standing ransomware families like Locky and Cerber massively declined.
A key factor behind the decline is the rise of cryptocurrency mining malware and low-level cyber criminals shifting their attention to ‘cryptojacking’ as a simpler, less risky means of illicitly making money. So is it all over for ransomware? Perhaps not.
Read why, while there’s been a shift towards cryptojacking attacks, file-encrypting malware is adapting and is still a potent threat to businesses, on ZDNet.
Victims of a destructive form of ransomware, which fails to unlock files even if the ransom is paid, can now retrieve their files for free with a new file decryptor released by security researchers. Thanatos ransomware first started targeting Windows systems in February and multiple versions of it have been released in the months since, indicating that those behind it remain an active threat.
An experimental form of Android malware delivers a banking trojan, a keylogger and ransomware to those unfortunate enough to fall victim to it. Uncovered by security researchers at security company ThreatFabric, the malware was first thought to be an updated version of LokiBot – but as it contains various new features, researchers are labelling it a new form of malware – MysteryBot.
However, MysteryBot and LokiBot share the same command and control server, indicating a strong link between the two forms of malware, with the potential that they’ve been developed by the same attacker. The malware is also potentially potent, with the trojan capable of controlling the functionality of the infected devices, including the ability to read messages, gather contact information and more.
Read more about the uncovered MysteryBot malware that’s still in development – but has the potential to become a nasty threat, on ZDNet.
Radware released its 2018 Executive Application and Network Security Report. For the first time in the survey’s five-year history, a majority of executives (53%) reported paying a hacker’s ransom following a cyber attack.
According to the report, 69% of executives said that their company faced a ransom attack in the past year, compared with only 14% who said so in 2016. Meanwhile, two-thirds of executives (66%) report a lack of confidence in their network security, admitting their networks are penetrable by hackers. Beyond more frequent ransom payments, organizations are facing significant consequences and concerns related to cyber-attacks.
A March ransomware attack on the Atlanta Police Department is still being felt three months later as the department reveals it has irrevocably lost all its dashcam footage due to the incident. The March incident affected all of Atlanta’s city government, resulting in the near paralysis of the city. Like many ransomware attacks in the past year, the one that targeted Atlanta, SamSam, relied on unpatched known vulnerabilities to wreak havoc.
For many IT directors and security professionals, the data considered valuable in a ransomware situation is mission-essential databases, spreadsheets, applications, and the like. As the APD can attest, many other kinds of media are at risk when ransomware hits. Any data stored on a computer or server infected with ransomware is vulnerable, and that includes video, images, audio, and other types of media.
Read more about the kinds of data that could be lost if a ransomware attack hits your organization, and how to prevent this, on TechRepublic.
One third of global business decision makers report that their organization would try to cut costs by paying a ransom demand from a hacker rather than invest in information security.
The findings from the latest Risk:Value report, commissioned by NTT Security, show that a further 16 percent are not sure if they would pay or not, leaving just half of respondents prepared to invest in security and take a less reactive approach to the protection of their organization.
Read more about the findings of NTT Security’s annual Risk:Value report, which surveyed 1,800 C-level executives and other decision makers from non-IT functions in 12 countries across Europe, the US and APAC and from across multiple industry sectors, on Help Net Security.
More than one in three healthcare organizations have suffered a cyberattack within the last year, while almost one in 10 have paid a ransom or extortion fee, according to Imperva. Healthcare data is extremely valuable on the dark web as it contains highly sensitive data, both financial and protected health information. As a result, healthcare organizations are increasingly attractive to attackers.
Imperva’s survey of 102 Healthcare IT professionals, which was carried out at the 2018 Healthcare Information and Management Systems Society (HIMSS) Conference, revealed that 77 percent of respondents were very concerned about a cybersecurity event striking their organization and 15 percent admitted that their organization’s ability to handle a cyberattack needed work.