Tag: ransomware

IT managers stressed over looming ransomware

More than 46 percent of UK IT managers don’t believe they invest enough to prevent ransomware attacks, whilst a similar but slightly higher number (52 percent) don’t feel supported to do so by their company’s board.

According to Osirium’s “2021 Ransomware Index survey”, less than 10 percent believe that they can prevent a future ransomware attack, stressing out IT people.

The survey findings raise concerns about UK IT teams’ ability to effectively manage potential ransomware attacks, as their likelihood of becoming a victim is increasing rapidly. Of those surveyed, only 21 percent claimed they had never been attacked. More surprisingly, 53 percent of respondents agreed with the statement: “It would be cheaper to pay the ransom demand than continuously invest in preventing ransomware.”

More than half of the survey respondents also claimed that they do not have sufficient budget/resources to cope with the constantly evolving threat landscape, which makes the research finding, that many feel the only way to deal with the problem is to pay, even more impactful.

The stress on UK IT managers caused by the spectre of ransomware is an increasingly significant downside to an already difficult job. 86 percent of the IT managers surveyed said they feel stressed about the prospect of a ransomware attack, with 22 percent saying it more than doubled their stress levels.

Ransomware is the enema of the channel

Beancounters at IDC have warned that ransomware attacks are becoming common and in most cases, customers were left in a position where they felt they had no option but to pay the ransom demanded.

The firm also found that manufacturing and finance were the verticals hit most by ransomware, while transportation, communication and utilities/media industries reported the lowest rates of attack. The average ransomware payout was almost $250,000, but several incidents topped $1 million.

Channel needs to focus on ransomware

AV outfit Sophos says the channel needs to focus on ransomware, due to the escalating number of cyberattacks exploiting vulnerable home workers and people who are desperate for information about the virus and vaccine.

Kevin Isaac, senior vice-president of EMEA sales at Sophos, said partners need to remain focused on the ransomware threat because customers were coming to the company because the two really large, totally addressable markets are endpoint security and firewalls, and those deal with ransomware.

Sophos has seen the channel promoting its endpoint detection and response (EDR) and managed threat response (MTR) solutions and helping customers to implement a rapid response to attacks. The tools have appealed to managed service providers (MSPs) that are looking to add more security depth to their proposition.

Cognizant will lose $50 to $70 million on ransomware attack

Cognizant will lose $50 to $70 million as a direct result of a recent ransomware attack, the outfit revealed in its first quarter earnings call.

For those who came in late, the firm said it had been targeted by a “Maze” ransomware attack on 18 April, which effectively shut down its internal systems and caused service disruption for many of its customers.

Cognizant said it responded to the attack quickly but still expects its second quarterly earnings to take a notable hit due to the resulting downtime and the temporary suspension of customer accounts.

Cognizant CFO Karen McLoughlin said: “While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter.”

Maze software steals a business’s data and stores it on an external server, allowing the attackers to demand payment for its safe recovery, with a threat of releasing the information if payment is not received.

Cyber crims demand more from SMEs

Cyber criminals are getting more extortionate with their demands from SMEs, according to Datto’s annual European State of the Channel Ransomware report.

According to its numbers, the average ransom requested of SMEs by hackers is increasing and now sits at around £2,000.

Downtime related to such attacks is increasing by 300 percent in Europe, year-on-year, higher than the global average of 200 percent.

Ransomware payments soar

The cost of ransomware attacks more than doubled in the fourth quarter of 2019, according to research from Coveware.

The firm’s Fourth quarter Ransomware Marketplace report, which collects anonymous ransomware data from cases handled by its Incident Response Platform, found that the average ransom payment increased by 104 percent to $84,116, up from $41,198 in the third quarter. The median ransom payment for the quarter was $41,179.

Coveware said ransomware variants such as Ryuk and Sodinokibi were moving into the large enterprise space in order to extort seven-figure pay-outs. Ryuk payments, for example, were found to have hit a new high of $780,000 for impacted businesses during the period.

Smaller firms also continued to be at risk, with ransomware as a service variants such as Dharma, Snatch and Netwalker blanketing the small business space with a high number of lower demands – sometimes as low as $1,500.

These malicious software threats are evolving, too, with ransomware attackers moving beyond just encrypting business data and adding the exfiltration of information and threat of its release if the sum is not paid.

The fourth quarter saw 98 percent of companies receiving a working decryption tool upon payment. Of that pool, victims managed to successfully decrypt 97 percent of their encrypted data; a slight increase over Q3.

The average downtime for affected firms increased to 16.2 days, up from 12.1 days previously, driven by a “higher prevalence of attacks against larger enterprises” that have more complex networks to restore, Coveware said.

European SMEs suffering from more ransomware attacks

Businesses in Europe are suffering more than their global counterparts, according to Datto’s latest European State of the Channel Ransomware Report.

The report said that more than 84 percent of European MSPs reported ransomware attacks against their SME customers – a higher percentage than on all other continents.

Although hackers are turning to banking trojans, cryptomining and other increasingly sophisticated attacks, ransomware is still the number one threat for businesses. Hackers have upped their game by attacking more frequently but demanding less ransom.

Apple SMEs more vulnerable to Ransomware attacks

SMEs that base their systems around Apple software and hardware are more likely to be taken down in ransomware attacks, according to a new study.

Datto’s third annual Global State of the Channel Ransomware Report said that there was a fivefold increase in the number of MSPs reporting ransomware attacks on macOS and iOS platforms over the last year.

Nearly 90 percent of MSP customers held-up by ransomware

The latest State of the Channel Ransomware report from Datto indicated that 89 percent of European MSP customers were victims of ransomware attacks.

The attacks led to downtime, and for a small percentage the ransomware remained in the system and gave customers further grief down the line.

Antivirus software does not seem to be much good at protecting against ransomware, and 94 percent of customers attacked said it had not prevented the attacks from happening.

The other problem area for users was around backup and restore. Those that had failed to invest in that technology were left with severe headaches trying to get back up and running after a ransomware attack.

Datto thinks that, first and foremost, the channel’s education of the SME market has to continue.

Datto SVP Mark Banfield said: “Ransomware attacks are becoming so frequent that the term has recently been added to the Oxford English Dictionary. WannaCry and NotPetya made the headlines last year for their impact on larger firms, but this report highlights just how vulnerable SMBs are.”

“There’s an existing perception that only bigger companies are targeted as they represent higher-value targets, but attacks are now so simple to initiate on a mass scale that cybercriminals no longer discriminate,” he added.

Most of the customers surveyed by Datto also shared their expectations that ransomware attacks would continue in the next couple of years.

“As the sophistication of ransomware variants continues to increase and they bypass traditional prevention measures, SMBs with limited in-house expertise and cyber security tools are struggling. The lack of understanding and capabilities are causing more to fall victim and here lies an opportunity for the channel. MSPs can become trusted partners, providing the ongoing tools, expertise and support required to mitigate ransomware and its impacts,” said Banfield.

Cisco warns ransomware scams are targeting enterprises

Cisco’s Midyear Cybersecurity Report (MCR) is warning that ransomware is a specific threat which is becoming more widespread and potent.

The report said that the ransomware creators are focusing more than ever on generating revenue and are now targeting enterprise users in addition to individuals.

“These direct attacks are becoming increasingly efficient and lucrative, generating huge profits. Our security researchers calculate that ransomware nets our adversaries nearly $34 million annually,” the report said.

The report said that it is time to improve the odds of handling this type of attack.

At the moment asymmetric attacks are outpacing responses. Attackers’ innovative methods of exploit, persistency, shifting tactics, and ability to operate on a global level create an ominously complex and moving target.

“Our research shows that adversaries are now exploiting vulnerabilities in encryption, authorization, and server-side systems, using ‘malvertising as a service’ to infect web users, as well as tampering with secure connections like HTTPS. This final example alone has users thinking incorrectly that their connections are secure, leading to a false sense of security and making it increasingly difficult to determine if a connection has been compromised,” the report said.

TorrentLocker has trapped 39,000 victims

Cybercriminals behind the TorrentLocker malware may have earned as much as $585,000 over several months from 39,000 PC infections.

But apparently more than 9,000 of the victims were from Australia thanks to a poisoned website which claimed to be the Australia Post newspaper.

TorrentLocker is one of several ransomware threats that have emerged in the wake of law enforcement action against CryptoLocker earlier this year.

TorrentLocker demands payment of up to $1,500 in Bitcoin to unlock a victim’s encrypted files. Whether victims pay depends on how much they value their files.

Security vendor ESET said that the hackers behind TorrentLocker put extra effort into defrauding Australian computer users via several bogus websites for Australia Post and the NSW Office of State Revenue.

The hackers were more successful in Turkey, which had 11,700 infections, but that country has a bigger population with fewer crocodiles. Italy, the UK, the Czech Republic, and the Netherlands all had infections of between 4,500 and 2,280 each, which was also on the higher side.

Few victims actually paid. According to ESET researcher and author of the report, Marc-Etienne M. Léveillé, only 1.44 percent or 577 of the infections translated into payment for the hackers. Still, based on the Bitcoin exchange rate of $384.94 on November 29, TorrentLocker’s operators may have earned anywhere between $292,700 and $585,401, which is not bad money.

The PCs were infected by spam email that encourages the victim to open what appears to be a document but is in fact an executable file that will install the malware and encrypt the files.

Messages tricked victims into opening files presented as unpaid invoices, package tracking and unpaid speeding tickets.

“For example, if a victim is believed to be in Australia, fake package tracking information will be sent spoofed to appear as if it comes from Australia Post. The location of the potential victim can be determined by the top level domain used in the e-mail address of the target or the ISP to which it is referring,” ESET notes in its report.

The fake Australian domains the attackers have bought for the campaign include sites that look like the legitimate Australia Post domain austpost.com.au. These are austpost-tracking.com and austpost-tracking.org. Domains they have acquired to appear like the NSW Office of State Revenue’s real domain osr.nsw.gov.au include the bogus domains nsw-gov.net and osr-nsw-gov.net.

TorrentLocker’s “side task” is to steal the address book from email clients on the infected machine, and it contains code that enables this feature for Thunderbird, Outlook, Outlook Express and Windows Mail.