Tag: ransomeware

Ransomware demands increasing

The average ransom demanded by cybercriminals when committing a cyber attack more than doubled in the fourth quarter of last year.

Cybersecurity outfit Coveware said that the average payment increased 104 per cent to $84,116 (£64,408). This was mostly due to an increased focus on larger enterprises, resulting in larger ransom demands.

The firm said that one strain of ransomware, Ryuk, made its owners $780,000.

Ransomware is a major MSP concern

A survey of more than 1,400 MSP decision-makers that manage the IT systems for small-to-medium-sized businesses (SMBs) found that ransomware remains the most common cyber threat to SMBs.

Datto announced the findings from its fourth annual Global State of the Channel Ransomware Report.

The report found that ransomware attacks were pervasive. The number of ransomware attacks against SMBs is on the rise. More than 85 percent of MSPs reported attacks against SMBs over the last two years, compared to 79 percent of MSPs who reported the same in 2018. In the first half of 2019 alone, 56 percent of MSPs reported attacks against SMB clients.

Tor used to distribute Ransomware

A new breed of crypto ransomware which uses Tor to hide its antics has hit the streets.

Critroni has been flogged on underground forums for the last month or so and is now being used by the Angler exploit kit.

Security experts say that it is the first crypto ransomware seen using the Tor network for command and control.

It is bad news. The ransomware landscape has been ruled by CryptoLocker and that bit of code has proved really hard to defeat. CryptoLocker encrypts all of the files on an infected computer and then demands that the victim pay a ransom in order to get the private key to decrypt the data.

Coppers in the United States and Europe took down the GameOver Zeus malware operation, one of the key mechanisms that attackers were using to push CryptoLocker. Since then, security researchers have spotted advertisements for the Critroni ransomware. Critroni is also known as CTB-Locker, and was first used in Russia.

You can pick up Critroni ransomware for $3,000 and researchers say it is now being used by a range of attackers, some of whom are using the Angler exploit kit to drop a spambot on victims’ machines.

Once on a victim’s PC, Critroni encrypts a variety of files, including photos and documents, and then displays a dialogue box that informs the user of the infection and demands a payment in Bitcoins in order to decrypt the files.

Victims have 72 hours to pay up. The ransom payment is usually about $300 for victims in the US, Canada and Europe.

One of the unique features of Critroni/CTB-Locker is that it uses the Tor network to hide its command-and-control (C2) infrastructure.

Fedor Sinitsyn, senior malware analyst at Kaspersky Lab, said that the executable code for establishing the Tor connection is embedded in the malware’s body.

Embedding Tor functions in the malware’s body is difficult from the programming point of view, but it helps to avoid detection.

Critroni is in English and Russian right now, so it is expected that countries which use those languages will be a target.