Ransomware is evolving

Cyber threats are becoming increasingly sophisticated, and whilst criminals continue to earn hundreds of millions every year, the problem is likely to get far worse before it gets any better. The focus of ransomware threats is also shifting from home users to businesses and public bodies, where significantly larger ransom demands can be made. This places an even greater emphasis on ensuring that your business infrastructure is as robust as possible to reduce the likelihood of an infection.

Some ransomware statistics:

– 1 in 7 emails contains some form of ransomware

– 300 new threats every minute

– Cryptolocker is believed to have generated $28 million in 4 months

– CryptoWall generated an estimated $380 million in one year

Ransomware-as-a-service

Ransomware authors are now making toolkits available online, theoretically allowing anyone to create their own version of malware. Toolkits can be found on GitHub and similar websites for a fee of typically between £100 and £10k. They provide the user with a program that lets them specify exactly how they want their ransomware to behave, along with a ransom amount and a bitcoin wallet to receive payments.

Now affecting Linux devices too

Linux.Encoder.1 is a Linux ransomware variant specifically designed to target a security vulnerability in Magento ecommerce web software. The vulnerability is actually a chain of several vulnerabilities that ultimately allow an unauthenticated attacker to execute PHP code on the web server. The attacker bypasses all security mechanisms and gains control of the store and its complete database, allowing credit card theft or any other administrative access into the system.

Once Magento is patched, the web server is secure, but it is estimated that 35,000 servers were affected.

Apple devices may become vulnerable

Apple devices have typically not been targeted by this sort of ransomware threat. However, evidence has appeared of two strains of ransomware that specifically target Apple devices, which may suggest they will become a target in the near future.

– Proof-of-concept project: Mabouia

– Production-ready strain: KeRanger

As ransomware-as-a-service continues to evolve, it is important that your business data is secure and protected. Read our next article, which explains the importance of a robust backup and business continuity strategy.
