Tag: ransomware

Businesses mostly pay up on ransomware extortion

An IBM Security report reveals that 70 percent of businesses will pay out if they are hit by ransomware, but there is hope in sight, as IBM’s Resilient Incident Response Platform adds a new Dynamic Playbook to help organisations respond to attacks.

According to a new security study, Biggish Blue is reporting that 70 percent of businesses impacted by ransomware end up paying the ransom.

The 23-page IBM Security study surveyed 600 business leaders and 1,021 consumers in the US, and 46 percent of business respondents reported that they had experienced ransomware in their organisations. Of the 46 percent that have been impacted by ransomware, 70 percent admitted that their organisation paid the ransom.

The amount paid to ransomware attackers varies, but of those business respondents that paid a ransom, 20 percent paid over $40,000, 25 percent paid between $20,000 and $40,000 and 11 percent paid between $10,000 and $20,000.

IBM’s study found that the propensity to pay a ransom varies depending on whether or not the victim is a parent. 55 percent of consumers that identified themselves as being parents said they would pay a ransom to recover access to photos that had been encrypted, versus only 39 percent for consumers that don’t have children.

IBM might be interested in attracting attention to the issue because it has a product it thinks can protect businesses from ransomware attacks. IBM’s Resilient Incident Response Platform (IRP) is being enhanced with a new Dynamic Playbook for ransomware.

Ted Julian, Vice President of Product Management and Co-Founder at Resilient, an IBM Company, explained that the basic idea behind the Dynamic Playbooks is to help provide organizations with an automated workflow or ‘playbook’ for how to deal with a particular security incident.

The Resilient platform also enables organisations to run simulations to practice responses to potential attacks. Being prepared and having a plan for how to deal with security incidents is a good way for organisations to help control both the costs and the risks of a potential attack.

“Part of the value is giving organizations a platform to practice incident response, get educated and in doing so, bring order to what would otherwise be a very chaotic process,” Julian said.

Adobe rushes out a flash update

Adobe has issued an emergency update for Flash after researchers discovered a security flaw that was being exploited to deliver ransomware to Windows PCs.

The software maker urged the more than a billion users of Flash on Windows, Mac, Chrome and Linux computers to update the product as quickly as possible.

The bug was being exploited in “drive-by” attacks that infect computers with ransomware through poisoned websites.

Ransomware encrypts data, locking up computers, then demands payments that often range from $200 to $600 to unlock each infected PC.

Japanese security software maker Trend Micro Inc said that it had warned Adobe that it had seen attackers exploiting the flaw to infect computers with a type of ransomware known as ‘Cerber’ as early as March 31.

Cerber “has a ‘voice’ tactic that reads aloud the ransom note to create a sense of urgency and stir users to pay,” Trend Micro said on its blog.

Adobe’s new patch fixes a previously unknown “zero day” security flaw.

FireEye said that the bug was being used to deliver ransomware in what is known as the Magnitude Exploit Kit. This is an automated tool sold on underground forums that hackers use to infect PCs with viruses through tainted websites.

Macs hit by ransomware

Macs have been hit by a ransomware virus which locks computer users out of their files until they pay up.

Hackers have infected a number of Macs with “KeRanger” malware which demands owners pay a bitcoin (about £280) for their files to be unencrypted.

Users began unwittingly downloading the malicious programme as they tried to install popular software called Transmission, which is used to transfer data on BitTorrent.

The “ransomware” stays quiet for three days after infecting each computer – and then starts to make documents, photographs, videos and other precious files inaccessible.

Cyber security experts believe the “KeRanger” virus was loaded onto the Transmission website on and  Apple users could start receiving ransom demands from today unless they immediately install an updated version of the software.

Ryan Olson from Palo Alto Networks said that this is the first example of Mac ransomware which is functional, encrypts your files and seeks a ransom.

Apple has revoked a digital certificate which had enabled the ransomware to be installed onto Macs, although it is unclear how it ever got one in the first place.

Macs are not normal targets for virus writers, despite being used by the content industry. This is not because they are particularly secure, but because the sort of data they contain is rarely worth stealing or ransoming.


McAfee: Malware at highest level for four years

Malware attacks are at the highest level for four years according to a McAfee report, with malicious code writers finding new ways to attack mobile devices.

The Intel-owned security company today revealed the results of its quarterly Threats Report, highlighting a 1.5 million increase in malware since the first quarter of 2012.

McAfee Labs’ 500 researchers uncovered almost 100,000 malware samples each day, as attacks became more varied.

“Attacks that we’ve traditionally seen on PCs are now making their way to other devices,” Vincent Weafer, senior vice president of McAfee Labs, said.

This included Apple’s Mac devices targeted by the Flashback trojan, for example, as well as the ‘Find and Call’ malware worming its way into the Apple Store.

Also, attacks on mobile devices continued to increase after an explosion of mobile malware in the first quarter, according to McAfee. Nearly all of the new instances of malware were directed towards the Android operating system – including mobile botnets, spyware and SMS-sending malware.

Ransomware, malware which restricts access to a device until money is given to the attacker, was also on the increase, and is becoming a popular tool for cybercriminals. Instances of ransomware, typically targeting PCs, have increased with attacks favouring mobile devices.

Cyber criminals have also found new ways to control botnets to ensure anonymity, such as using Twitter. Botnets, computer networks of infected machines used to send spam or to launch distributed denial of service (DDoS) attacks, are now being controlled through the social media site, with attackers tweeting commands to all infected devices. Overall instances of botnet infections reached a 12-month high during the quarter.

Malware being spread through USB thumb drives showed significant increases, with 1.2 million new samples of the AutoRun worm. Password-stealing malware samples also increased by 1.6 million.

Kaspersky unearths 1024-bit encryption ransomware with a vengeance

Kaspersky Lab has discovered a new ransomware that uses 1024-bit encryption, making it very difficult for malware researchers to crack.

The ransomware acts similarly to the GpCode trojan that was active between 2004 and 2008, and Kaspersky now believes the author of that malware may be back with a new offering.

The problem with this attack and with other ransomware is that it encrypts your files and demands that you follow a series of actions, which could be to install more malware or to make a payment to the malware’s creator. Effectively it holds your files to ransom. Duh.

Security firms have developed decryption tools to help recover files in the past, but this new ransomware features far stronger encryption, utilising the RSA-1024 and AES-256 crypto-algorithms. Kaspersky is attempting to find a way to recover files, but currently it is almost impossible to get them back.

Kaspersky has some advice should users encounter this problem. Firstly, users must become aware of the situation. That’s the easy part as your desktop wallpaper will probably be changed to display text demanding payment or a Notepad file will open with similar information on startup.

Once aware, users should immediately hit the Power button and turn off their PC. We know Windows says you shouldn’t do that but heck, these are your files. The longer the PC is left running, the less likely it is that files can be recovered. Should they remain encrypted, Kaspersky recommends leaving the system untouched until a recovery method is discovered, as tampering with it in any way could reduce the chances of recovery.