A strain of ransomware titled SamSam has earned its handlers over 5.1 million euros to date, according to estimates, since it first began hitting enterprises in 2015. Security firm Sophos has released the data in a report, after tracking the Bitcoin addresses found on SamSam ransom notes and sample files.
It seems that everyone in the cyber security sphere is talking about ransomware these days. Last year, attacks such as WannaCry, NotPetya and BadRabbit took the business world by storm, costing billions in damages. Ransomware is by no means a new threat (it has been around since at least 2005), but it is one of the fastest growing and most costly. Cyber crime is constantly changing, and criminals keep creating news ways to steal money. Ransomware has gotten increasingly sophisticated since 2005, but the people using and deploying it haven’t necessarily – now some cyber criminals are making more money selling high-tech ransomware strains to non-technical criminals than if they were to conduct the attacks themselves. The result is that more and more ‘hackers’ have access to ransomware and need very little technical know-how to operate it, leading to more and more ransomware attacks each year. It may come as a surprise, then, to hear that the FBI received less reports of ransomware attacks in 2017 than in 2016 and 2015, despite the increase in attacks.
The FBI reported just 1,783 reports of ransomware attacks in 2017, compared to 2,673 in 2016 and 2,453 in 2015.
Have you been hit by ransomware recently? According to a recent survey by CyberEdge, the most reliable approach (by far) to defending against ransomware is proactive rather than reactive. That is to say, having a robust backup and disaster recovery system in place is far more likely to result in minimal disruption and data loss than trying to pay the criminals in the hopes that they do the ‘honourable’ thing and decrypt your critical data. For the report, CyberEdge surveyed IT security professionals and found that more than half (55%) had been hit by ransomware in 2017. The study found that of those who had prepared for ransomware using backups and other business continuity procedures, 86.9% were able to successfully recover their data. However, of those who didn’t have backups to rely on and instead paid the ransom, only 49% actually had their data decrypted and recovered.
Thinking of paying ransomware demands? Think again, as less than half of ransomware payments result in successfully decrytped and restored data.
Trend Micro, one of the largest cyber security firms in the world, has released their annual security roundup report, and the results show some alarming trends. With the GDPR upcoming, cyber criminals have been refining their techniques in order to increase their financial gains, moving away from exploit kits which can be an unpredictable earner, to more reliable tactics such as business email compromise, phishing and spam, ransomware, and the relatively new threat to businesses, malicious crypto-currency mining.
Exploits kits are down, but 2017 saw over 300 new ransomware families, in addition to a rise in business email compromise scams and the all-new malicious crypto-mining threat.
The governments of the UK, US, Australia and more have publicly blamed Russia for the NotPetya ransomware attacks, which crippled businesses all over Europe back in June 2017 with a particularly nasty and destructive strain of ransomware. Last Thursday, the White House press secretary Sarah Sanders stated that NotPetya was “a reckless and indiscriminate cyber-attack that will be met with international consequences”, squarely blaming the Russuan Military and the Kremlin for causing billions of dollars’ worth of damage to businesses and states alike. The same day, the British defence secretary Gavin Williamson accused the Russian government of “undermining democracy”, after the attack, which was primarily aimed at the Ukraine, spread uncontrolled throughout Europe and beyond and caused major disruption to commerce and public services.