Locky, one of the first and most resilient ‘mass distribution’ ransomware families, has roared back after a brief break. Throughout August, Locky campaigns have filled our inboxes with fraudulent invoices that need paying, images that need opening, and voicemails that need listening to. These recent campaigns are notable not only for their volume, but also for the multiple delivery methods within a single distribution run. On August 17, Locky arrived en masse with three different infection methods that all led to Locky’s Lukitus variant. While infection vectors frequently change from run to run, intra-campaign shuffling is extremely rare.
In the world of cyber security, there are some threats that seem to have been specifically designed to wreck your day.
Ransomware is one of those threats.
Even if you have secure backups, and they’re kept safely away from the rest of your network, the time it takes to restore from them and remove all traces of the offending trojan is sure to get your blood boiling.
So when a new ransomware threat arises, it pays to make sure your house is in order, and your users are on high alert.
While there was a lively running debate over whether it was Petya or NotPetya yesterday, we can all agree that what locked up some of the world’s largest shipping companies, spread through the infamous SMB exploit, and may have been delivered as an infected update, was not Karo. However, this obscure ransomware family was launched into the spotlight due to early confusion over Petya's initial infection vector.
Unless you've had your head buried firmly in the sand for the past few days, you’ll already have heard of WannaCry, the latest in an ongoing deluge of ransomware strains.
Since the attack started last Friday, over 230,000 computers have been infected across 150 countries, with high profile victims including Telefónica, Britain’s National Health Service (NHS), FedEx, Deutsche Bahn, and LATAM Airlines.
And if you’ve been following the story, you’ll know all sorts of people have been getting involved. With slightly confusing (and sometimes contradictory) reports surfacing in news outlets all over the world, we thought we’d take a few moments to explain what is (and isn’t) currently known about WannaCry, and what you can do to minimize your organization’s risk of infection.
Earlier today, news broke of a new WannaCry version propagating at a rate previously unseen for ransomware. The initial infection vector (phishing, malvertising, etc.) is unknown at this time, but once inside the network it spreads rapidly by scanning for and exploiting Windows systems vulnerable to the NSA-crafted SMB exploits that were recently published by ShadowBrokers. In doing so, WannaCry is spreading well beyond the initially infected system and crippling networks.
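The SMB propagation described for NotPetya above and for WannaCry here has one network-visible signature: a single host opening connections to many distinct peers on tcp/445 within a short time, most of which are refused. The following is an added example, not code from the original posts or from any of the families discussed. It runs a sliding-window fan-out detector over a constructed key=value connection log; the log format, the threshold and window values, and the allow-list are all assumptions to adapt to your own firewall or NetFlow export.

```python
"""Detect worm-style SMB fan-out: one host reaching many peers on tcp/445.

Added example (not from the original posts). The key=value log format,
thresholds and allow-list below are assumptions; adapt LINE_RE to the
firewall or flow export you actually have.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timezone

# Assumed generic record shape: "<iso-ts> src=<ip> dst=<ip> dport=<n> proto=<p> action=<a>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\S+) action=(?P<action>\S+)$"
)


def parse_line(line):
    """Parse one connection record; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec["dport"] = int(rec["dport"])
    return rec


def detect_smb_fanout(lines, threshold=10, window_s=60, allowlist=frozenset()):
    """Return one alert per source that reaches >= threshold distinct peers on
    tcp/445 inside any window_s-second window.

    Denied connections count too: a blocked sweep is still a sweep, and on a
    segmented network the denies are often the only trace left. Known SMB
    talkers (file servers, patch/vuln scanners) go in the allow-list, since
    fan-out alone cannot tell them from a worm.
    """
    recent = defaultdict(deque)      # src -> deque[(ts, dst)] still inside the window
    distinct = defaultdict(Counter)  # src -> Counter[dst] over that same window
    alerts = {}
    records = [r for r in map(parse_line, lines) if r]
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["proto"] != "tcp" or rec["dport"] != 445 or rec["src"] in allowlist:
            continue
        src, ts, dst = rec["src"], rec["ts"], rec["dst"]
        q, seen = recent[src], distinct[src]
        q.append((ts, dst))
        seen[dst] += 1
        # Expire events that fell out of the window, keeping the distinct-dst count exact.
        while q and (ts - q[0][0]).total_seconds() > window_s:
            _, old_dst = q.popleft()
            seen[old_dst] -= 1
            if seen[old_dst] == 0:
                del seen[old_dst]
        if src in alerts:
            alerts[src]["last_seen"] = ts
            alerts[src]["distinct_dsts"] = max(alerts[src]["distinct_dsts"], len(seen))
        elif len(seen) >= threshold:
            alerts[src] = {"src": src, "first_seen": q[0][0], "last_seen": ts,
                           "distinct_dsts": len(seen)}
    return list(alerts.values())


def build_sample_log():
    """Constructed sample traffic (not a real capture)."""
    lines = [
        "2017-05-12T13:00:00Z src=10.0.0.7 dst=93.184.216.34 dport=443 proto=tcp action=allow",
        "2017-05-12T13:00:02Z src=10.0.0.20 dst=10.0.0.31 dport=445 proto=tcp action=allow",
        "2017-05-12T13:00:03Z src=10.0.0.20 dst=10.0.0.32 dport=445 proto=tcp action=allow",
        "2017-05-12T13:00:04Z src=10.0.0.20 dst=10.0.0.33 dport=445 proto=tcp action=allow",
        "garbage line that the parser must skip",
    ]
    # 10.0.0.5 sweeps 10.0.0.10 .. 10.0.0.49 on 445 within 40 seconds; most are refused.
    for i in range(40):
        action = "allow" if i % 8 == 0 else "deny"
        lines.append(f"2017-05-12T13:01:{i:02d}Z src=10.0.0.5 dst=10.0.0.{10 + i} "
                     f"dport=445 proto=tcp action={action}")
    # Many SMB events to a single peer: high volume, one destination, no alert.
    for i in range(15):
        lines.append(f"2017-05-12T13:03:{i:02d}Z src=10.0.0.9 dst=10.0.0.2 "
                     f"dport=445 proto=tcp action=allow")
    return lines


if __name__ == "__main__":
    for alert in detect_smb_fanout(build_sample_log()):
        print(f"SMB fan-out from {alert['src']}: {alert['distinct_dsts']} peers "
              f"between {alert['first_seen']:%H:%M:%S} and {alert['last_seen']:%H:%M:%S}")
```

The detector keys on distinct destinations rather than raw event count, so a host hammering one file share never trips it, while a host touching ten peers in a minute does regardless of whether those connections were allowed. Tune the threshold below your legitimate SMB talkers' fan-out and put the rest on the allow-list; the alert output gives first and last seen times to scope the containment window.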
In the last post, we took an in-depth look at how ransomware changed during 2016, and what we expect to see happen in the coming year.
The post, which was based on a recent webinar, was pretty long and in-depth, so if you'd like some context you might like to go back and read it before continuing or feel free to watch the on-demand webinar.
In this post we’re going to run through the most important part of the webinar: what you can do to secure your organization against ransomware.
In 2016, a year when cybercrime soared to previously unseen heights, ransomware was one of the top worries for organizations of all sizes.
And for good reason.
Compared to other malware, ransomware has a very high infection rate, and whether or not organizations opt to pay ransom demands, it can cause significant disruption to business processes. Even worse, many so-called “copycat” ransomware families have turned out to be far more destructive than intended, and as a result many files can't be recovered even if payment is made.
Over the last decade phishing has exploded. Volume has increased every year, with threat actors reliably focusing the majority of their efforts on the same five or six industries.
It was a serious threat, of course, but it had become somewhat… predictable.
But in 2016, some major changes occurred. In just 12 months, the entire phishing landscape shifted.
In late 2015, malware trends hinted that a ransomware epidemic was on its way.
And what happened? Less than three months into 2016, security analysts had branded it the ‘year of ransomware’.
Even popular media outlets were covering ransomware cases on an almost daily basis, and both consumers and businesses the world over would come to understand exactly what the word ransomware really means.
So what happened? After all, ransomware has been around for decades, so why the sudden explosion?
Since the start of 2015, healthcare has been hit with more ransomware than any other industry.
Headlines abound with tales of healthcare organizations declaring states of emergency, turning away patients, and often opting to pay ransoms just to end their nightmare.