CYBER BLOG: Ransomware still works

CYBER BLOG: Ransomware still works

Ransomware has been a problem for companies for a number of years. The press have widely covered some of the larger attacks that have taken place over the years such as Wannacry and Not Petya. Considering the coverage that this type of malware receives, why is it so successful for the criminals?

The main reason that we are still getting ransomware attacks is due to the fact that people are still paying the ransoms to the criminals. Last week it was reported that the creators of one type of ransomware, SamSam, have extorted nearly $6million since it was first released in December 2015. Researchers at security firm Sophos have tracked Bitcoin addresses owned by the attackers and believe that they are still netting around $300,000 every month.

One of the other standouts of this ransomware is the way in which it is delivered to victims. Rather than an unplanned blanket attack using spam email, this variant seems to be much more targeted, with victims chosen and systems infected manually. The attackers first breach the network and then manually install and spread the ransomware using vulnerabilities in the systems they have attacked. This helps stop the malware from spreading out of control and attracting unwanted attention, as in the case of Wannacry and Not Petya. The attackers can pick specific targets and keep track of those they have infected.

SamSam is not the only type of ransomware out there though. We all need to be cautious of the more ‘run of the mill’ variants of ransomware. Typically, these are delivered by more traditional methods such as phishing emails. Companies need to make sure that staff are properly trained in spotting phishing emails and potentially malicious websites. Our firewalls and spam filters do not catch every malicious email that is sent to our organisations and it is essential that staff know what to look out for.

Further to this, organisations need to make sure that they are regularly backing up their data and keeping systems and software up to date.

For more advice on cyber security, contact [email protected]

Gerry Grant, Chief Ethical Hacker

Related News

Member Log-In

Welcome to the SBRC Members Lounge, login details will be issued to members in due course.

Forgot password?