Kaspersky Lab researchers have found that a growing number of cybercriminals are shifting from mass attacks on home users to targeted ransomware attacks against companies.
The company has identified at least eight criminal groups involved in developing and distributing encryption ransomware. Their attacks have mainly hit financial organizations around the world, with ransom demands reaching as high as half a million dollars.
The eight groups include the authors of PetrWrap, who have attacked financial organizations worldwide, the infamous Mamba group, and six other unnamed groups that target business users. These criminals have refocused on corporate networks because such attacks are potentially far more profitable than mass attacks on home users.
A successful ransomware attack can halt a company's operations for hours or even days, which pressures the owners into paying the ransom. In general, the tactics, techniques and procedures (TTPs) used by these groups are very similar.
First, they get into the organization through a vulnerable server or a spear-phishing email. Once inside the victim's network, the criminals identify the corporate resources worth encrypting, encrypt them, and then demand a ransom in exchange for decryption.
For example, the Mamba group uses its own encryption malware built on the open-source disk-encryption software DiskCryptor. After gaining access to the network, the attackers install the malware using a legitimate Windows remote-control utility. Because the tool itself is one that administrators use every day, the activity looks far less suspicious to the targeted company's security staff.
Another distinctive example of tooling used in targeted ransomware attacks comes from PetrWrap. This group mainly goes after larger companies with many network nodes. The criminals select their targets carefully, and each attack can last a long time: PetrWrap has maintained a persistent foothold in a victim's network for up to six months.
To protect companies from such attacks, Kaspersky Lab's experts recommend backing up data regularly and properly so that the original files can be restored if they are lost; given that these intruders can sit in a network for months, the backups need to be kept where an attacker who already controls the network cannot reach them. They also recommend a security solution with behavior-based detection, which identifies malware, including ransomware, by observing what it does on the attacked system and can therefore catch previously unseen ransomware samples.
It is also advisable to inventory installed software and keep it up to date, to assess the security of the network (for example through security audits, penetration testing and gap analysis), and to train employees, paying particular attention to operational and engineering staff and their awareness of the latest attacks and threats.
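Two points above, that Mamba's operators roll out DiskCryptor-based malware through a legitimate remote-control utility, and that behavior-based detection catches ransomware by what it does rather than by its signature, can be turned into a small detection rule. What follows is an added example written for this article; it is not Kaspersky Lab's code and is not taken from the report the article describes. It assumes Sysmon-style process-creation events serialised as JSON lines with the fields UtcTime, Host, User, ParentImage, Image and CommandLine. The remote-execution service names (psexesvc.exe and similar), the DiskCryptor binary names (dcrypt.exe, dccon.exe, dcinst.exe), the 15-minute window and the three-host threshold are all assumptions chosen for illustration, and the sample events are constructed.

```python
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry in a Sysmon Event ID 1 (process creation)
# shape, one JSON object per line. Hosts, paths, users and command lines are
# made up for this example; they are not data from the article or from any
# real incident.
SAMPLE_EVENTS = r"""
{"UtcTime": "2017-03-01 02:10:05", "Host": "FS01", "User": "CORP\\svc_backup", "ParentImage": "C:\\Windows\\PSEXESVC.exe", "Image": "C:\\Windows\\Temp\\dcinst.exe", "CommandLine": "dcinst.exe -setup"}
{"UtcTime": "2017-03-01 02:10:09", "Host": "FS01", "User": "CORP\\svc_backup", "ParentImage": "C:\\Windows\\PSEXESVC.exe", "Image": "C:\\Windows\\Temp\\dccon.exe", "CommandLine": "dccon.exe -encrypt pt0"}
{"UtcTime": "2017-03-01 02:11:40", "Host": "DB02", "User": "CORP\\svc_backup", "ParentImage": "C:\\Windows\\PSEXESVC.exe", "Image": "C:\\Windows\\Temp\\dcinst.exe", "CommandLine": "dcinst.exe -setup"}
{"UtcTime": "2017-03-01 02:13:02", "Host": "APP03", "User": "CORP\\svc_backup", "ParentImage": "C:\\Windows\\PSEXESVC.exe", "Image": "C:\\Windows\\Temp\\dcinst.exe", "CommandLine": "dcinst.exe -setup"}
{"UtcTime": "2017-03-01 09:30:00", "Host": "LAPTOP17", "User": "CORP\\jsmith", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\dcrypt\\dcrypt.exe", "CommandLine": "dcrypt.exe"}
{"UtcTime": "2017-03-01 09:31:00", "Host": "FS01", "User": "CORP\\admin", "ParentImage": "C:\\Windows\\PSEXESVC.exe", "Image": "C:\\Windows\\System32\\ipconfig.exe", "CommandLine": "ipconfig /all"}
"""

# Assumed watch-lists (illustrative, not indicators from the article):
# service-side binaries of PsExec-style remote execution tools, and the
# binaries shipped with the open-source DiskCryptor package.
REMOTE_ADMIN_TOOLS = {"psexesvc.exe", "paexec.exe", "winexesvc.exe"}
DISK_ENCRYPTION_TOOLS = {"dcrypt.exe", "dccon.exe", "dcinst.exe"}


@dataclass
class Alert:
    host: str
    rule: str
    detail: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_events(text: str) -> list[dict]:
    """Parse JSON-lines telemetry and convert UtcTime to a datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["UtcTime"] = datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S")
        events.append(event)
    return events


def remote_admin_launched_encryptor(event: dict) -> bool:
    """Rule 1: a remote-execution service spawned a disk-encryption binary.

    An interactive launch (explorer.exe -> dcrypt.exe) is deliberately not
    matched: the behaviour of interest is the encryptor arriving over a
    remote-control channel, not the encryption tool existing at all.
    """
    return (basename(event["ParentImage"]) in REMOTE_ADMIN_TOOLS
            and basename(event["Image"]) in DISK_ENCRYPTION_TOOLS)


def detect(events: list[dict], window: timedelta = timedelta(minutes=15),
           min_hosts: int = 3) -> list[Alert]:
    """Run both rules over the events and return the alerts raised."""
    alerts: list[Alert] = []
    hits = [e for e in sorted(events, key=lambda e: e["UtcTime"])
            if remote_admin_launched_encryptor(e)]
    for e in hits:
        alerts.append(Alert(e["Host"], "remote_admin_spawned_disk_encryptor",
                            f'{basename(e["ParentImage"])} -> {e["CommandLine"]} as {e["User"]}'))

    # Rule 2 (fleet level): the same behaviour on several hosts inside a short
    # window points to a deliberate rollout across the network rather than an
    # isolated admin action. Sliding window over the rule-1 hits; raise once.
    for first in hits:
        deadline = first["UtcTime"] + window
        hosts = {h["Host"] for h in hits if first["UtcTime"] <= h["UtcTime"] <= deadline}
        if len(hosts) >= min_hosts:
            alerts.append(Alert("*", "disk_encryptor_deployed_fleet_wide",
                                f"{len(hosts)} hosts within {window}: {sorted(hosts)}"))
            break
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_EVENTS)):
        print(f"[{alert.rule}] {alert.host}: {alert.detail}")
```

On the constructed events the rule stays quiet for the employee who starts DiskCryptor interactively on a laptop and for the administrator who runs ipconfig through the remote-execution service, but fires four times for the encryptor launched through that service and once more at fleet level when three hosts show the same chain within the window. That second rule is what turns a sequence of individually plausible "legitimate admin tool doing admin things" events into a campaign alert; the window and host threshold should be tuned to how the real environment uses its remote-administration tooling.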