Cyber security firm Symantec said on Monday it was "highly likely" a hacking group affiliated with North Korea was behind the WannaCry cyber attack this month that infected more than 300,000 computers worldwide and disrupted hospitals, banks and schools across the globe.
Ransomware is computer malware that installs covertly on a victim's device and that either mounts the cryptoviral extortion attack from cryptovirology that holds the victim's data hostage, or mounts a cryptovirology leakware attack that threatens to publish the victim's data, until a ransom is paid. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer's Master File Table or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.
The Split Tunnel SMTP Exploit allows an attacker to bypass an organization’s email security gateway and inject messages with malicious payloads directly into the victim’s email server. This exploit targets a newly discovered vulnerability in popular Email Encryption appliances as a backdoor.
A Department of Homeland Security official told Reuters earlier this week that some U.S. critical infrastructure operators have been affected by the recent WannaCry ransomware campaign.
The emerging threat becomes clear: criminals with no programming knowledge are now able to target any organization or person with minimal effort. And what better way to maximize the payout than to target those industries where lives immediately depend on network connected devices that can be ransomed?
Both iOS and Android devices are targeted by hackers, but data suggests there is more Android malware in circulation than for iOS; a recent report by F-Secure goes so far as to say 99 percent of all malware that targets mobile devices is designed for Android.
Sage is yet another ransomware that has become a common threat nowadays. Similarly to Spora, it has capabilities to encrypt files offline. The malware is actively developed and currently, we are facing an outbreak of version 2.2. of this product.
CryptoLocker is exploding and organizations large and small are being hit with ransomware attacks that hold their computers and networks hostage in exchange for ransom. Attacks have halted patient care and effectively stopped organizations in their tracks. Ransomware has been around for years, however, CryptoLocker attacks have risen sharply in recent months
Symantec has released a detailed report on ransomware.
The New Jersey Cybersecurity & Communications Integration Cell keeps updated profiles on all known ransomware variants.
The Institute for Critical Infrastructure Technology released a report describing how ransomware has developed, the types of ransomware, how they are distributed, what the main targets are for ransomware, and what to do if your system is compromised.