Crypto Ransomware Attacks Have Jumped 500% In The Last Year (onthewire.io) 36
Kaspersky Lab is reporting that the last year saw a 500% increase in the number of users who encountered crypto ransomware.
Trailrunner7 shares an article from On The Wire:
Data compiled by Kaspersky researchers from the company's cloud network shows that from April 2015 to March 2016, the volume of crypto ransomware encountered by users leapt from 131,111 to 718,536. That's a massive increase, especially considering the fact that ransomware is a somewhat mature threat. It didn't just burst onto the scene a couple of years ago. Kaspersky's researchers said the spike in crypto ransomware can be attributed to a small group of variants. "Looking at the malware groups that were active in the period covered by this report, it appears that a rather short list of suspects is responsible for most of the trouble caused by crypto-ransomware..."
It's difficult to overstate how much of an effect the emergence of ransomware has had on consumers, enterprises, and the security industry itself. The FBI has been warning users about crypto ransomware for some time now, and has consistently advised victims not to pay any ransoms. Security researchers have been publishing decryption tools for specific ransomware variants and law enforcement agencies have had some success in taking down ransomware gangs.
Enterprise targets now account for 13% of ransomware attacks, with attackers typically charging tens of thousands of dollars, the article reports, and "Recent attacks on networks at the University of Calgary and Hollywood Presbyterian Medical Center have demonstrated the brutal effectiveness of this strategy."
It's difficult to overstate how much of an effect the emergence of ransomware has had on consumers, enterprises, and the security industry itself. The FBI has been warning users about crypto ransomware for some time now, and has consistently advised victims not to pay any ransoms. Security researchers have been publishing decryption tools for specific ransomware variants and law enforcement agencies have had some success in taking down ransomware gangs.
Enterprise targets now account for 13% of ransomware attacks, with attackers typically charging tens of thousands of dollars, the article reports, and "Recent attacks on networks at the University of Calgary and Hollywood Presbyterian Medical Center have demonstrated the brutal effectiveness of this strategy."
Re: (Score:2, Offtopic)
Why?
Why does nearly every single story on slashdot have to have some effing ignoramus making some entirely off-topic remark or rant about some aspect of US politics?
Re: (Score:1)
Welcome to the internet.
Re: (Score:1)
Too many idiots on this planet. The only real problem the human race has.
Re: (Score:2)
I was going to vote for Trump until I read this.
So much fun... (Score:5, Interesting)
Re: (Score:1)
My job got hit by an email-delivered virus that spread across the network and encrypted 200+ hard drives before being stopped. Fortunately, user profiles are stored on the network. Didn't take much time to deploy loaner laptops and re-image the desktops to get the users up and running again.
Another satisfied Microsoft customer?
Re: (Score:3)
Another satisfied Microsoft customer?
I give thanks to Microsoft for my job security every day.
Re: (Score:3)
I've seen it infect shared drives. Anywhere anyone has read/write permissions, the trojan can do its dirty deeds. You need to have good backups at the very least. The one incident I saw a few months ago managed to get through quite a few files on a couple of shares, but the only loss was a few documents as the nightly backup was up to date.
Mind you, the real trick can be figuring out which workstation has been infected. While some organizations may be able to reimage everything, for some, they don't have th
Re: (Score:3)
I've seen it infect shared drives. Anywhere anyone has read/write permissions, the trojan can do its dirty deeds. You need to have good backups at the very least. The one incident I saw a few months ago managed to get through quite a few files on a couple of shares, but the only loss was a few documents as the nightly backup was up to date.
Mind you, the real trick can be figuring out which workstation has been infected. While some organizations may be able to reimage everything, for some, they don't have that capacity.
You need to have good offline backups.
That means spooling your backup data to a medium that is then taken offline. No tapes left in the drives. No backup shares left online after the job completes. No pure reliance upon shadow copies or VM snapshots.
Yes, ransomware is becoming that nefarious.
Re: (Score:2)
You need to have good offline backups.
That means spooling your backup data to a medium that is then taken offline. No tapes left in the drives. No backup shares left online after the job completes. No pure reliance upon shadow copies or VM snapshots.
Yes, ransomware is becoming that nefarious.
Wrong. Online backups are fine, as long as they are versioned and not RW visible to the malware via share/map/nfs/smb etc. This effectively makes the backup offline -to the virus-, but can speed recovery time. We use max backup from logic now, and it is great. On servers, we even install a virtual drive mount of the backups. Quick access to accidental deletes and such on the mounted virtual drive, but it is read-only, so malware run-amok cannot do anything to this backup.
Re: (Score:2)
Well, one of the biggest things that happened was activating Volume Shadow Services, aka Previous Versions. Every 4 hours, a snapshot of the shares are taken, so you can go back several weeks.
Saved my ass several times thanks to finger slips (who puts "Delete" right next to "Rename"?) and the damned Delete shortcut which deletes an entire tree rather than the file. Just load up the last snapshot and restore from that.
Online services like this are fine provided the malware can't get access to delete rights t
Which is why you need some good storage (Score:3)
If you are doing IT for an enterprise, get stats like this to go to management and show them why you need storage with snapshots and backups to alternate storage. Ya it costs to get a good setup, and it takes some IT time to administer, but all it takes is one of these and it has paid for itself.
We got hit with cryptolocker back in the day, the Dean opened it and it proceeded to go and encrypt the entire administration share he had access to. However we didn't pay shit, I went in to the management console, rolled back to an earlier snapshot, and we were good. Minimal disruption. Even had it somehow been able to blast the snapshots (users don't have write access to them so I can't see a way) we could have pulled data from tape that was at most a couple days old.
There's other reasons to do this too, of course, but this is a big one that is very visible these days, and so worth it.
Ransomeware... (Score:1)
would be better called Tax on Windows.
Re:Duh (Score:4, Insightful)
Law enforcement is busy fighting non-existent terrorists. Of course they cannot do anything about actually dangerous malware.
Congress and FBI to the rescue!! (Score:3)
Fortunately, by next year all encryption algorithms will be required by law to have back doors for law enforcement, so if you get hit by one of these crypto ransomware attacks you can just go to the nearest police station and get your files decrypted.
Thank you blockchain (Score:1)
Isn't bitcoin wonderful.
A world without cash - what could be better.
last year was a shift from ransomeware to crypto (Score:1)