Kaspersky Lab identifies ransomware actors focusing on targeted attacks against businesses
Kaspersky announced the discovery of an emerging and alarming trend: more and more cybercriminals are turning their attention from attacks against private users to targeted ransomware attacks against businesses.
According to Kaspersky, at least eight groups of cybercriminals involved in encryption ransomware development and distribution, such as PetrWrap and the Mamba group, have been identified. The attacks have primarily hit financial organizations worldwide. Kaspersky Lab’s experts have encountered cases where payment demands amounted to over half a million dollars.
The reason for the trend is clear – criminals consider targeted ransomware attacks against businesses potentially more profitable than mass attacks against private users. A successful ransomware attack against a company can easily stop its business processes for hours or even days, making owners of affected companies more likely to pay the ransom.
In general, the tactics, techniques and procedures used by these groups are very similar. They infect the targeted organization with malware through vulnerable servers or spear phishing emails. Then they establish persistence in the victim’s network and identify the valuable corporate resources to encrypt, subsequently demanding a ransom in exchange for decryption. In addition to their similarities, some groups have their own unique features.
“We should all be aware that the threat of targeted ransomware attacks on businesses is rising, bringing tangible financial losses. The trend is alarming as ransomware actors start their crusade for new and more profitable victims. There are many more potential ransomware targets in the wild, with attacks resulting in even more disastrous consequences,” said Anton Ivanov, Senior Security Researcher, Anti-Ransom, Kaspersky Lab.
To stay alert, Kaspersky Lab security experts advise the following:
Conduct proper and timely backup of your data so it can be used to restore original files after a data loss event.
Use a security solution with behavior-based detection technologies. These technologies can catch malware, including ransomware, by watching how it operates on the attacked system, which makes it possible to detect fresh and as yet unknown samples of ransomware.
Visit the “No More Ransom” website, a joint initiative whose goal is to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
Audit installed software, not only on endpoints, but also on all nodes and servers in the network and keep it updated.
Conduct a security assessment of the control network (i.e. a security audit, penetration testing, gap analysis) to identify and remove any security loopholes. Review external vendor and 3rd party security policies in case they have direct access to the control network.
Request external intelligence: intelligence from reputable vendors helps organizations to predict future attacks on the company.
Train your employees, paying special attention to operational and engineering staff and their awareness of recent threats and attacks.
Provide protection inside and outside the perimeter. A proper security strategy has to devote significant resources to attack detection and response in order to block an attack before it reaches critically important objects.
To learn more about targeted ransomware attacks, please read the blog post available at www.Securelist.com.