Cryptomalware has long been a threat not only to end users, but to companies as well. At first, its authors extorted money using mass-mailed Trojans. Then cybercriminals realized that businesses are much more likely than individuals to have valuable information — and money with which they are ready to part for the sake of business continuity. So they switched from mass mailings to selective ones, and began to spam small and medium-size businesses with false “bills,” letters from the “IRS,” and other misleading documents containing malicious code. And now we have seen the next level — targeted attacks that employ encrypting malware.
It wasn’t much of a surprise. This evolution is extremely logical: If you carefully select a victim, examine its infrastructure, and encrypt specific business-critical files, your chances of obtaining a solid ransom increase dramatically. Our analysts long foresaw such a development of ransomware. The surprise is the scale of this phenomenon.
At this moment, our experts have identified at least eight threat actors competing for the right to extort money from businesses. In some cases, the price of decryption reaches half a million dollars. And their main targets are financial organizations, which have to pay to ensure that their data servers can return to work.
One of the reasons for such a rapid gain in popularity is a code of silence. Victims can be extremely reluctant to report that their confidential data has been encrypted. As a result, before a targeted campaign becomes known to all software vendors, it will have had enough time to reach a lot of victims. And that is a big problem because not all protective products can detect cryptors by behavior (although ours do).
Therefore, if you become a victim of encrypting ransomware, you must immediately inform law enforcement about the incident. If you need tips on how to do it, or any other advice on protecting against this sort of threat, visit the No More Ransom initiative website. In addition, it makes sense to use expert services, which can conduct a full investigation of the incident. A variety of utilities for decrypting data, in cases where decryption is possible, is also available on the NoRansom.kaspersky.com website.
Details about the variety of targeted attacks that employ ransomware can be found in the expert study on our Securelist website.
Standard tips for protecting against ransomware
- Back up business-critical information and protect the servers on which backups are stored.
- Use security solutions that can detect encryption attempts by their behavior — for example, our free Kaspersky Antiransomware tool.
- Maintain a high level of cybersecurity awareness — many attacks still use social engineering techniques.
- We also highly recommend you get acquainted with our advice on guarding against cryptoransomware.