Report Sheds Light on Massive Ransomware Problem

Imagine you administer a datacenter. Actually, that may not be much of a stretch – that may be exactly what you do in real life.

You do most of your work on a Windows Server 2016 machine, managing a few hundred Windows 10 clients through Active Directory. You return from your lunch break and wake your computer from sleep by moving the mouse. When your displays light up again, each of your desktops has a note open in a web browser: “We have encrypted all of your files. Send 1 bitcoin to this address within 48 hours or your files will be gone for good.” Damn it!

I first encountered ransomware as a remote tech support agent in 2007. Cryptocurrencies didn’t exist back then, so the ransom notes demanded credit card numbers. We were instructed to plead with customers to not enter their credit card numbers, and to walk them through a re-install of Windows.

Some of the ransomware families that existed back then, such as Dharma, still exist today, but cyber attackers have made many technical improvements to both older and newer strains of ransomware. These improvements include taking ransoms in cryptocurrency (usually bitcoin), which is more difficult to trace than credit card payments; antivirus evasion techniques such as injecting executables into running processes and using stronger crypters; and connections to command and control servers, so that cyber attackers can adjust how their malware behaves and push additional malware to their victims in the future.

Some of the newer types of ransomware, such as SamSam, have cost enterprises, businesses, and institutions millions of dollars. SamSam’s most notable victims include many large hospitals and the City of Atlanta. Ransomware may have started with consumers years ago, but now it’s one of the biggest cybersecurity threats that industries (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Kim Crawley. Read the original post at: