INTELLIGENT BRANDS // Enterprise Security
Kaspersky Lab research finds ransomware actors targeting attacks against businesses

Kaspersky Lab’s researchers have discovered an emerging and alarming trend: more and more cybercriminals are turning their attention from attacks against private users to targeted ransomware attacks against businesses. At least eight groups of cybercriminals involved in encryption ransomware development and distribution have been identified. The attacks have primarily hit financial organisations worldwide. Kaspersky Lab’s experts have encountered cases where payment demands amounted to over half a million dollars.

The eight identified groups include PetrWrap authors, who have attacked financial organisations worldwide, the infamous Mamba group, and six unnamed groups also targeting corporate users. It is worth noting that these six groups were previously involved in attacks targeting mostly private users and used affiliate programme models. Now, they have refocused their efforts on corporate networks. According to Kaspersky Lab’s researchers, the reason for the trend is clear – criminals consider targeted ransomware attacks against businesses potentially more profitable than mass attacks against private users. A successful ransomware attack against a company can easily stop its business processes for hours or even days, making owners of affected companies more likely to pay the ransom.

In general, the tactics, techniques and procedures used by these groups are very similar. They infect the targeted organisation with malware through vulnerable servers or spear phishing emails. Then they establish persistence in the victim’s network and identify the valuable corporate resources to encrypt, subsequently demanding a ransom in exchange for decryption. In addition to their similarities, some groups have their own unique features.

For instance, the Mamba group uses its own encryptor malware, based on the open-source software DiskCryptor. Once the attackers gain a foothold in the network, they install the encryptor across it, using a legitimate utility for Windows remote control. This approach makes the actions less suspicious to security officers of the targeted organisation. Kaspersky Lab’s researchers have encountered cases where the ransom amounted to up to one bitcoin (around $1,000 as of the end of March 2017) per endpoint decrypted.

“We should all be aware that the threat of targeted ransomware attacks on businesses is rising, bringing tangible financial losses. The trend is
www.intelligentcio.com