New Installers Wreaking Havoc

Source: Cammy Harbison – http://www.idigitaltimes.com/ (29th March 2016)

Ransomware infections have seen exponential growth in 2016, as security researchers report that both old encrypting malware like Cryptolocker and new versions like Locky are utilising craftier methods to attack machines and encrypt files before victims even realise what’s happened. Victims are then forced to either pay the ransom or hope they have a backup recent enough to spare them any lost data.

Meanwhile, the time required to remove ransomware and restore lost files can prove costly as well.

Over the months of January through March, several different forms of ransomware including Cryptolocker, Locky, TeslaCrypt, Petya and SamSam reared their ugly heads, taking captive millions of victims from small businesses to hospitals to major news sites like the New York Times, BBC and Newsweek.

But why the sudden upturn in successful ransomware attacks?

Security researchers at a variety of firms report that attackers are not only upgrading their malware to make it more unbreakable, they are also using unique methods of distribution which, in some cases, require no user interaction at all. In the past, most ransomware infections occurred via phishing attacks, which require a user to click on a poisoned browser or email link. But some of the newer attacks are far less dependent on user interaction.

Ransomware Evolution 2016: How File-Encrypting Malware Is Getting More Sophisticated…

 

One of the earliest widespread ransomware attacks occurred in 2013. Within 3 months, cybercriminals successfully infected 250,000 with Cryptolocker ransomware, extorting an estimated 3 million in ransoms.

When ransomware first appeared, it largely targeted individuals and small businesses, but over time, attackers have upped the ante.

They are now targeting major government and healthcare organisations as well as sites that see a massive number of visitors, such as online news publishers.

As attacks hit larger targets, they are also becoming more sophisticated, using newer methods that are harder to detect or require less user interaction.

Using the tried and true Angler malware kit, cybercriminals hijacked a number of ad networks, including Google’s, and served malicious ransomware-installing ads to visitors at the New York Times, BBC, Newsweek and other major online publishers.

According to Malwarebytes researcher Jerome Segura, this particular attack was unique in that it used video ads to distribute its cocktail of malware, which included classic ransomware like Cryptolocker, TeslaCrypt and Locky.

Users didn’t need to click on the ad at all. Once the page loaded, the video began doing a drive-by malware installation on victims’ computers.

“We see a rise in malvertising attacks every weekend,” said Segura, “but this was really out of the ordinary in terms of the numbers of publishers that were affected and the ad networks that were involved. We’d never seen so many attacks happening all at the same time.”

Though the attacks only lasted about 24 hours, the impact was massive, said Segura. By using a sophisticated and unusual method of infection that went undetected even by Google ad networks, the campaign had widespread reach.

“The ads that were infected were video ads, which is why they made it through,” said Segura. “Most past malware attacks have happened via display ads or traditional ad banners, but this was a new vector and caught everyone by surprise.”

According to Proofpoint, the cyber security company that discovered malware was being served via video ads, affected users didn’t have to interact with the ad at all to be infected. Simply visiting the site was enough to infect users who didn’t have their Flash Player, Silverlight and Internet Explorer software up to date. Though the campaign has ended, Segura believes this isn’t the last we’ll see of video-transmitted ransomware.

“We are going to see a lot more of that now since this had such an impressive effect.”

Losing your files is way more common than you’d think. One small accident, failure, or virus could destroy all the important stuff you care about.

Imagine the stress, inconvenience and setback caused if…

  • Your company files, Word docs, PDFs, quotes and proposals (the lot!) were locked or deleted by a virus plaguing your system.
  • All of your customer information was wiped in a flash after one of your colleagues clicked a link they shouldn’t have.
  • You pack up for the weekend and on your arrival back to the office on Monday, find that all your data has been wiped.
 

It has never been more IMPORTANT than NOW to have an efficient Backup, Anti-Virus, and Email Security System in place. Have you?

If you’d like to discuss your business I.T. set-up, backup systems, anti-virus, email security – or anything else IT, give Cloud Plus IT a call on 0203 301 0003 or email hello@cloudplusit.com. We’re here to help.