Sage is yet another ransomware that has become a common threat nowadays. Like Spora, it can encrypt files offline. The malware is actively developed, and we are currently facing an outbreak of version 2.2 of this product.
Ransomware is computer malware that installs covertly on a victim's device and that either mounts the cryptoviral extortion attack from cryptovirology that holds the victim's data hostage, or mounts a cryptovirology leakware attack that threatens to publish the victim's data, until a ransom is paid. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer's Master File Table or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.
CryptoLocker is exploding, and organizations large and small are being hit with ransomware attacks that hold their computers and networks hostage in exchange for ransom. Attacks have halted patient care and effectively stopped organizations in their tracks. Ransomware has been around for years; however, CryptoLocker attacks have risen sharply in recent months
Symantec has released a detailed report on ransomware.
Ponemon Institute LLC released the findings of a survey it conducted, sponsored by Carbonite. This report describes how companies are preparing for and dealing with ransomware attacks.
The New Jersey Cybersecurity & Communications Integration Cell keeps updated profiles on all known ransomware variants.
The Institute for Critical Infrastructure Technology released a report describing how ransomware has developed, the types of ransomware, how they are distributed, what the main targets are for ransomware, and what to do if your system is compromised.
Cisco released a guide describing ransomware and recommendations for preventing a ransomware infection.
The Office of the New York State Comptroller released a guide on ransomware, what to do before paying the ransom, and how to reduce your chances of falling victim to ransomware attacks.
Bromium released a report analyzing Crypto-Ransomware. Crypto-Ransomware uses strong encryption to lock files on a victim's computer until the ransom is paid. This report includes analysis of several versions of malware including CryptoLocker, Cryptowall/Cryptodefense, and TorrentLocker. It also includes the most common files encrypted by this malware and
Unlike most ransomware out there, which focuses mainly on encrypting local files, Samas spreads inside the entire network to encrypt files on every server and computer, the researchers say. This operation is performed in three steps: the attackers steal domain credentials, identify targets via Active Directory reconnaissance, and then move laterally through