Kaspersky Lab identifies eight groups specialising in ransomware

More and more cybercriminals are no longer directing their extortion attacks at home users but are instead targeting companies, the experts at Kaspersky Lab report in a blog post. Kaspersky Lab has identified eight different groups that attack mainly financial institutions around the world with crypto-ransomware (encryption software). In some cases the ransom demands amount to more than half a million U.S. dollars.

According to the security experts, the eight identified groups include the authors of the PetrWrap malware, which targets financial institutions worldwide, the infamous Mamba group, and six other unnamed groups. These ransomware actors have shifted their focus to companies after previously attacking home users, for which they also used affiliate programs. According to Kaspersky Lab, the reason for the shift is simple: the losses a company can expect in its day-to-day operations after a ransomware attack increase its willingness to pay the demanded ransom. For cybercriminals, such attacks are more lucrative than mass attacks on home users.

As the Kaspersky specialists explain, all of the groups proceed in a similar way. The malware is introduced into enterprise networks via server vulnerabilities or spear-phishing emails. The attackers then try to establish a permanent foothold and look for business-relevant data resources, which they encrypt. A ransom is demanded for the decryption.

Some groups are characterized by procedures of their own. The Mamba group, for example, uses its own encryption malware based on the open-source software DiskCryptor. The decryption software is installed using a legitimate Windows remote-control program. This approach is difficult for the company's security professionals to detect. In some cases, the ransom per device is one bitcoin, which corresponds to less than 1,000 euros (as of the end of March 2017).

PetrWrap also uses its own tools and, according to Kaspersky Lab, settles into the network for up to six months. These ransomware attacks are directed mainly against large companies with many network nodes.

“We must be prepared: targeted ransomware attacks on companies will continue to grow and cause significant damage,” predicts Anton Ivanov, senior security researcher, anti-ransom, at Kaspersky Lab. “This trend is alarming because the players have just started their crusade against new and financially strong victims. There are still a lot more potential victims out there for whom a ransomware attack could have more devastating consequences.”

Kaspersky Lab’s experts recommend that companies back up their data regularly so that files can be restored in an emergency. Companies should also deploy a security solution such as, for example, the Kaspersky Anti-virus Ransomware tool for business, which uses behavior-based detection. Malware, including ransomware, can then be recognized in good time by its behavior. In this way, even previously unknown samples can be identified.

All software installed on endpoints, and also on network nodes and servers, should be reviewed and always kept up to date. Security assessments (for example, security audits, penetration tests, or gap analyses) serve to identify and close vulnerabilities. Where external suppliers and third parties have access to the corporate network, their security policies should also be checked.

The expertise or intelligence of external security providers supports organizations in forecasting future attacks. In particular, staff in operational areas and all engineers in the company should be made aware of, and know about, current ransomware threats, says Kaspersky Lab. An effective security strategy can fend off attacks before malware reaches critical corporate resources at all.

Victims of ransomware can turn to NoMoreRansom.org, where those affected get help recovering their data without paying a ransom. In addition, Kaspersky Lab provides tools for ransomware victims at NoRansom.kaspersky.com.
