Businesses need to be aware of the value of their data to cyber criminals, how that data is likely to be attacked, and how to defend against particular attacks. A couple of hundred thousand usernames and passwords are also valuable, which, if stolen, can be married up with other data to wreak havoc. In the past year, a majority of corporations and even law enforcement agencies have fallen victim to sophisticated bitcoin ransomware attacks.
Once ransomware infects a device, files and data stored locally on the device or on a server are locked. Most ransomware distributors set a deadline, usually a week, to pressure victims into paying the ransom in exchange for a decryption key that unlocks their files. If victims fail to make the bitcoin payment within that period, the files and data are deleted permanently.
More complex and technologically advanced ransomware leaves victims no option, once their files are encrypted, but to pay the ransom. New-generation ransomware such as Popcorn or Locky uses its technical characteristics to spread more widely and at a much faster rate.
Previously, Check Point’s H2 2016 Global Threat Intelligence Trends Report also revealed that the share of ransomware attacks doubled from 5.5% to 10.5% between July and December 2016.
Conficker topped the H2 2016 list, accounting for 14.5% of malware attacks. This worm allows remote operations and malware downloads. An infected machine is controlled by a botnet, contacting its Command & Control server to receive instructions.
Second on the list is Sality with 6.1%, a virus that allows its operator to perform remote operations and download additional malware onto infected systems. Its main goal is to persist on a system and provide a means for remote control and the installation of further malware.
Cutwail, with 4.6%, is a botnet mostly involved in sending spam e-mails and in some DDoS attacks. Once installed, the bots connect directly to the command and control server and receive instructions about the emails they should send. When their task is done, the bots report back to the spammer with exact statistics about their operation.
JBossjmx, with 4.5%, is a worm that targets systems running a vulnerable version of JBoss Application Server. The malware creates a malicious JSP page on vulnerable systems that executes arbitrary commands. It also creates a backdoor that accepts commands from a remote IRC server.
Locky ransomware, which began its distribution in February 2016, has the smallest share on the list with just 4.3%. It spreads mainly via spam emails containing a downloader disguised as a Word or Zip file attachment, which then downloads and installs the malware that encrypts the user's files.
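The Locky delivery chain above relies on a downloader hiding inside a Word or Zip attachment. The following triage routine, an added example that is not code from the article, Check Point or the NCA, shows the mail-gateway-side checks a defender can run on such attachments before a user ever opens them: it unpacks Zip containers in memory, flags script or executable members, detects the VBA macro project inside an Office document (which is itself a Zip container), and flags double-extension names. The file names, contents and the list of suspicious extensions are constructed for illustration and are not taken from the article.

```python
"""Attachment triage for spam-borne downloaders (Word or Zip attachments).

Added example, not code from the article, Check Point or the NCA. The extension
list and rules are illustrative heuristics; sample attachments are constructed.
"""
import io
import zipfile
from dataclasses import dataclass, field

# Member extensions inside an archive that commonly carry a downloader (illustrative list)
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".wsf", ".hta", ".exe", ".scr",
                     ".cmd", ".bat", ".ps1"}
# Office documents are Zip containers; a Word macro project is stored at this member path
MACRO_MARKER = "word/vbaProject.bin"


@dataclass
class Verdict:
    filename: str
    findings: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def _extension(name: str) -> str:
    """Return the lower-cased final extension of a file or archive member name."""
    lower = name.lower()
    return lower[lower.rfind("."):] if "." in lower else ""


def triage_attachment(filename: str, data: bytes) -> Verdict:
    """Inspect one attachment (name + raw bytes) and collect why it looks like a downloader."""
    verdict = Verdict(filename)
    parts = filename.lower().split(".")
    # Double extensions such as invoice.pdf.js are a common disguise
    if len(parts) > 2 and "." + parts[-1] in SCRIPT_EXTENSIONS:
        verdict.findings.append(f"double extension ending in .{parts[-1]}")
    # Non-Zip payloads are judged on their own extension only
    if not zipfile.is_zipfile(io.BytesIO(data)):
        if _extension(filename) in SCRIPT_EXTENSIONS:
            verdict.findings.append("bare script/executable attachment")
        return verdict
    # Zip archives and Office documents: look inside the container
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if MACRO_MARKER in names:
            verdict.findings.append("Word document contains a VBA macro project")
        for member in names:
            if _extension(member) in SCRIPT_EXTENSIONS:
                verdict.findings.append(f"archive member {member} is a script/executable")
    return verdict


def _zip_with(members: dict) -> bytes:
    """Build an in-memory Zip container from {member_name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments: two disguised downloaders, one macro document, one clean file
SAMPLES = {
    "invoice.zip": _zip_with({"invoice.js": b"// constructed stand-in, not a real script"}),
    "report.docm": _zip_with({"[Content_Types].xml": b"<Types/>",
                              "word/document.xml": b"<w:document/>",
                              "word/vbaProject.bin": b"\x00"}),
    "notes.docx": _zip_with({"[Content_Types].xml": b"<Types/>",
                             "word/document.xml": b"<w:document/>"}),
    "photo.jpg.exe": b"MZ constructed stand-in, not a real executable",
}


def triage_all(samples=SAMPLES) -> dict:
    """Run triage over every sample and return {filename: Verdict}."""
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_all().items():
        status = "QUARANTINE" if verdict.suspicious else "pass"
        print(f"{name:15s} {status:10s} {'; '.join(verdict.findings)}")
```

The macro check keys on the container structure rather than on the file extension, so a macro document renamed to `.docx` is still caught; conversely, a clean `.docx` with no `vbaProject.bin` member passes. In a real gateway the extension list would be tuned to the organisation's own policy.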
Financial Trojans are the most prevalent, professional, sophisticated and damaging threats that the NCA sees in the cases it investigates.
Though organisations cannot do much about these threats, it is important to be on guard at all times.
“Keep yourselves up to date and aware of the potential threats to your organisations as well as about what is available to you to counter those threats,” said Mike Hulett, head of operations for the NCA’s National Cyber Crime Unit (NCCU) in Plymouth. A viable measure would be to avoid opening any unknown files, links, URLs or images on the web that could lead the browser into downloading malware that installs itself on a device or server. Hulett further noted that organisations should deploy multiple layers of security on top of their existing IT infrastructure to protect their valuable data. The most practical prevention method against ransomware distributors would be to store corporate or financial information in the cloud, which will save it from ransomware encryption. To recover, organisations can simply format the affected devices and restore the data from the cloud.
Against banking malware, Hulett states that it is crucial for banks, financial institutions and corporations to investigate the theft of financial data more actively. In most cases, companies fail to recognise the theft or loss of valuable financial information until months after the initial hack or malware attack.
DDoS continues to be a threat to business, and in the past few years it has gone from being a low-level annoyance to something far more serious.