Tag: ransomware

Cisco warns ransomware scams are targeting enterprises

Cisco’s Midyear Cybersecurity Report (MCR) is warning that ransomware is a specific threat which is becoming more widespread and potent.

The report said that the ransomware creators are focusing more than ever on generating revenue and are now targeting enterprise users in addition to individuals.

“These direct attacks are becoming increasingly efficient and lucrative, generating huge profits. Our security researchers calculate that ransomware nets our adversaries nearly $34 million annually,” the report said.

The report said that it is time to improve the odds of handling this type of attack.

At the moment asymmetric attacks are outpacing responses. Attackers’ innovative methods of exploit, persistency, shifting tactics, and ability to operate on a global level create an ominously complex and moving target.

“Our research shows that adversaries are now exploiting vulnerabilities in encryption, authorization, and server-side systems, using ‘malvertising as a service’ to infect web users, as well as tampering with secure connections like HTTPS. This final example alone has users thinking incorrectly that their connections are secure, leading to a false sense of security and making it increasingly difficult to determine if a connection has been compromised,” the report said.

TorrentLocker has trapped 39,000 victims

Cybercriminals behind the TorrentLocker malware may have earned as much as $585,000 over several months from 39,000 PC infections.

But apparently more than 9,000 of the victims were from Australia thanks to a poisoned website which claimed to be the Australia Post newspaper.

TorrentLocker is one of several ransomware threats that have emerged in the wake of law enforcement action against CryptoLocker earlier this year.

TorrentLocker demands payment of up to $1,500 in Bitcoin to unlock victims’ encrypted files. Whether victims pay depends on how much they value their files.

Security vendor ESET said that the hackers behind TorrentLocker put extra effort into defrauding Australian computer users via several bogus websites for Australia Post and the NSW Office of State Revenue.

The hackers were more successful in Turkey, which accounted for 11,700 infections, but that country has a bigger population with fewer crocodiles. Italy, the UK, the Czech Republic, and the Netherlands all had infections of between 4,500 and 2,280 each, which was also on the higher side.

Few victims actually paid. According to ESET researcher and author of the report, Marc-Etienne M. Léveillé, only 1.44 percent or 577 of the infections translated into payment for the hackers. Still, based on the Bitcoin exchange rate of $384.94 on November 29, TorrentLocker’s operators may have earned anywhere between $292,700 and $585,401, which is not bad money.

The PCs were infected by spam email that encourages the victim to open what appears to be a document but is in fact an executable file that installs the malware and encrypts the files.

The messages tricked victims into opening files presented as unpaid invoices, package tracking notices and unpaid speeding tickets.

“For example, if a victim is believed to be in Australia, fake package tracking information will be sent spoofed to appear as if it comes from Australia Post. The location of the potential victim can be determined by the top level domain used in the e-mail address of the target or the ISP to which it is referring,” ESET notes in its report.

The fake Australian domains the attackers have bought for the campaign include sites that look like the legitimate Australia Post domain austpost.com.au. These are austpost-tracking.com and austpost-tracking.org. Domains they have acquired to appear like the NSW Office of State Revenue’s real domain osr.nsw.gov.au include the bogus domains nsw-gov.net and osr-nsw-gov.net.
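The lookalike pattern described above can be checked for in mail-gateway or DNS logs. The following is an added example, not code from ESET or the original article: it flags hostnames that borrow a brand's label tokens without sitting under the brand's real domain. The token sets, the choice of nsw.gov.au as the trusted parent, and the sample hostnames are assumptions of this example.

```python
import re

# Brand -> (legitimate parent domain, label tokens a lookalike borrows).
# Legitimate domains are the ones named in the article; the token sets and
# the choice of nsw.gov.au as the trusted parent are assumptions of this example.
BRANDS = {
    "Australia Post": ("austpost.com.au", {"austpost"}),
    "NSW Office of State Revenue": ("nsw.gov.au", {"nsw", "gov"}),
}


def normalise(host):
    """Lower-case a hostname and drop a trailing root dot."""
    return host.strip().lower().rstrip(".")


def is_under(host, parent):
    """True if host is the parent domain itself or a real subdomain of it."""
    return host == parent or host.endswith("." + parent)


def impersonated_brand(host):
    """Return the brand a hostname imitates, or None if it looks unrelated
    or genuinely sits under a brand's legitimate domain."""
    host = normalise(host)
    if any(is_under(host, parent) for parent, _ in BRANDS.values()):
        return None
    labels = set(re.split(r"[.\-_]", host))
    for brand, (_, required) in BRANDS.items():
        if required <= labels:
            return brand
    return None


def scan(hosts):
    """Map each suspicious hostname to the brand it imitates."""
    hits = {}
    for h in hosts:
        brand = impersonated_brand(h)
        if brand:
            hits[normalise(h)] = brand
    return hits


# Constructed sample: hostnames as they might appear in mail-gateway or DNS logs.
SAMPLE = [
    "austpost.com.au", "www.austpost.com.au", "austpost-tracking.com",
    "austpost-tracking.org", "osr.nsw.gov.au", "nsw-gov.net",
    "OSR-NSW-GOV.net.", "austpost.com.au.tracking.example", "example.org",
]
```

Token matching of this kind only catches lookalikes that reuse a whole label; it will not catch misspellings or a brand name fused into a longer label.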

TorrentLocker’s “side task” is to steal the address book from email clients on the infected machine, and it contains code that enables this feature for Thunderbird, Outlook, Outlook Express and Windows Mail.