
Ransomware: Prepare for hackers launching even more destructive malware attacks


The 'wiper' ransomware used in state-backed attacks like NotPetya is gaining ground among cyber criminals, warns EU law enforcement's annual cybercrime report.
The threat from ransomware continues to grow and it's possible that the file-encrypting malware attacks could become far more destructive as cyber criminals evolve and change their tactics.
European law enforcement agency Europol's annual cybercrime report – the Internet Organised Crime Threat Assessment (IOCTA) – lists ransomware as the most widespread and financially damaging cyber attack, despite a decline in the number of ransomware incidents.
However, cyber criminals are becoming more efficient, picking and choosing their targets with the aim of causing the highest amount of damage possible to organisations in order to demand much higher ransoms. To emphasise this – although without providing specific examples – the report details how in some cases, the ransom demanded is in excess of one million Euros.
But while ransomware in its current state is predominantly a means of making money for cyber criminals, the Europol report warns there's a risk of cyber criminals deploying ransomware attacks as a means of pure sabotage, something private companies are growing fearful of.
The NotPetya attacks of 2017 showed how much damage can be done by a destructive cyberattack of this kind: in some cases it led to large companies having to almost entirely restore their network from scratch, suffering large amounts of downtime and large financial costs as a result.
NotPetya looked like ransomware but the group behind it had no interest in receiving ransom payments; the motivation behind the attack was pure destruction. The target for this destruction was Ukraine, but the attack got out of control and spread around the world.
This kind of attack has predominantly been associated with nation-states – the Russian military has been accused of being behind NotPetya – however, the report warns that cyber criminals are increasingly incorporating wiper-style attacks as part of their campaigns.
A form of this ransomware attack emerged earlier this year. Named GermanWiper, the ransomware hit organisations across Germany with attacks which didn't encrypt files, but rewrote the files to destroy them.
Ultimately, it meant that even if a user paid the ransom, they wouldn't get their files back at all – unless they had offline back-ups.
Ransomware itself may have changed but the methods for distributing it have stayed the same over the last year: phishing emails and remote desktop protocols (RDPs) are the primary infection vectors of the malware.
Often, the attackers pushing ransomware are doing so with the aid of known vulnerabilities for which vendors have already issued security updates. Because of this, Europol stresses the importance of patching, especially when it comes to critical vulnerabilities.
The report notes that almost one million devices still haven't been patched against the powerful BlueKeep vulnerability, leaving networks open to attacks using the exploit.
The message from Europol is clear – ransomware and other cyber attacks won't be disappearing any time soon, especially if cyber criminals are able to take advantage of known vulnerabilities and old attacks.
"This year's IOCTA demonstrates that while we must look ahead to anticipate what challenges new technologies, legislation, and criminal innovation may bring, we must not forget to look behind us," said Catherine De Bolle, executive director of Europol.
"New threats continue to emerge from vulnerabilities in established processes and technologies. Moreover, the longevity of cyber threats is clear, as many long-standing and established modi operandi persist, despite our best efforts. Some threats of yesterday remain relevant today and will continue to challenge us tomorrow," she added.
There is one threat which appears to have almost dropped off the radar compared with its position in last year's report: cryptomining. The 2018 IOCTA warned about the rise of cryptocurrency mining malware, even suggesting that it "may overtake ransomware as a future threat".
However, while cryptomining attacks still do occur, the number of attacks has declined – especially since the closure of Coinhive in March this year. Now, aside from exceptional cases, cryptomining is described as "a low-priority threat for EU law enforcement" moving forward as other current and future threats are combated.
"The global impact of huge cybersecurity events has taken the threat from cybercrime to another level. At Europol, we see that key tools must be developed to keep cybercriminals at bay. This is all the more important, considering that other crime areas are becoming increasingly cyber-facilitated," said De Bolle.
