Major organisations targeted with easy and cheap ransomware attacks

Cost of ransomware attacks is minimal, while profits 'could reach thousands of dollars', claims Kaspersky

There has been a huge rise in targeted ransomware attacks on large organisations, according to research by Kaspersky.

Anton Ivanov, a researcher at Kaspersky, said that in late 2016, his team detected an increase in the number of incidents in which malware was used in targeted attacks on large organisations to steal money. The method would be to launch an 'encryptor' - i.e. ransomware - on an organisation's network nodes and servers.

He said that this method of attack can be financially rewarding with very little effort: the cost of developing ransomware is significantly lower than that of other types of malicious software, and such programs are specifically put together to make money and affect a wide range of potential victims.

"Today, an attacker (or a group) can easily create their own encryptor without making any special effort," said Ivanov.

He gave the example of the Mamba encryptor based on DiskCryptor, a piece of open source software. "Some cybercriminal groups do not even take the trouble of involving programmers; instead, they use this legal utility 'out of the box'," he said.

The method goes as follows: the criminals search for an organisation that has an unprotected server with Remote Desktop Protocol (RDP) access, guess the password or buy access to it on the black market, and then encrypt a node or server manually.

According to Ivanov, the cost of the attack is minimal, while the profit "could reach thousands of dollars".

In some cases, partners of well-known encryptors use the same scheme but they use a version of a ransom program purchased from the group's developer instead.

But Ivanov suggested that the more sophisticated criminals are also "active on the playing field" - meaning that they carefully select targets such as major companies with a large number of network nodes, and then organise attacks that can last weeks.

After seeking out a potential victim and assessing whether there is a possibility of penetration, the criminals would penetrate the organisation's network by using exploits for popular software or Trojans on the infected network nodes.

They would then gain a foothold on the network, research its topology, acquire the necessary rights to install the encryptor on all of the organisation's nodes and servers and finally install it.
