Councils to be increasingly targeted by ransomware threats

Councils 'will quickly pay ransoms to restore their critical operations', claims McAfee Labs

Councils are going to be increasingly targeted by ransomware threats, according to a report by cyber security firm McAfee Labs.

The firm said, in its 2016 Threats Predictions report, that ransomware attacks, which are already prominent in a number of industries, are likely to grow next year.

"The groups behind most current ransomware campaigns are going for ‘fast cash', by using spam campaigns and exploit kits such as Angler, and targeting wealthy countries in which people can afford to pay the ransom," said Christiaan Beek, director of threat intelligence, malware operations at McAfee Labs.

While this is expected to continue in 2016, McAfee Labs said it also foresees a new focus on industry sectors including finance and local government. Beek said this was because these sectors "will quickly pay ransoms to restore their critical operations".

In fact, it has already seen criminals be quite effective in attacking these sectors.

Beek said that usually only Microsoft Office, Adobe PDF and graphics files are targeted, but that in 2016 other file extensions typically found in business environments will also become targets. He added that ransomware would start targeting Mac OSX, because its popularity was growing within these sectors. Attacks would also continue on Microsoft Windows, he said.

The firm believes that new variants of ransomware will continue to be found in 2016.

"Although a few families - including CryptoWall 3, CTB-Locker, and CryptoLocker - dominate the current ransomware landscape, we predict that new variants of these families and new families will surface with new stealth functionalities," said Beek.

New variants could, for example, start to silently encrypt data and any backups too.

"Eventually the attacker will pull the key, resulting in encrypted files both on the system and in the backup," said Beek.

"Other new variants might use kernel components to hook the file system and encrypt files on the fly, as the user accesses them," he added.

Beek said that cyber criminals will continue using "ransomware-as-a-service" hosted on the Tor network as well as virtual currencies for payments.