Ransomware Infections Growing

Monday, May 9, 2016 @ 07:05 PM gHale


There has been an increase in ransomware infections, which took a sharp turn at the start of 2016, reaching record levels during the past month.

What is interesting to note is the report in the increase in ransomware is not coming from just one research report, but two, plus the FBI.

RELATED STORIES
Ransomware Attack Hurts MI Utility
Stolen Emails, Attacks Keep Growing
DDoS Attacks Increase, IoT Risks Growing
C-Level Never gets Security Updates: Report

In one account from Kaspersky’s Q1 IT Threat Evolution Report, the security firm detected 2,900 new ransomware variants (modifications), which represented a 14 percent increase compared to the previous quarter.

Kaspersky said its malware database now includes 15,000 ransomware modifications, which means that, during the past three months, the company detected about 20 percent of its entire database.

Additionally, the company said in the first three months of the year, its security products detected and stopped 372,602 ransomware attacks, of which 17 percent were against corporate targets.

Meanwhile, the Enigma Software Group (ESG) also reported in February, they saw a 19.37 percent increase over January in terms of detected ransomware attacks.

The company also reported March had a 9.46 percent increase over February, and the number of detected ransomware attacks more than doubled in April, compared to those in March. ESG reports a 158.87 percent spike.

On top of those two reports, the FBI reissued its ransomware alert.

Late last month, a ransomware attack hit the corporate computer network at the Lansing Board of Water and Light (BWL) in Lansing, MI, officials said.

System redundancies and separation of BWL’s corporate computer network from the utility network saved the day and allowed the organization to continue operations, said general manager Dick Peffley.

“I’ve never seen anything of this magnitude,” he said. “We’ve had smaller problems, but nothing that’s shut the entire corporate network down like this.”

Email, phones, computers, printers and other technology on the administrative side remain shutdown, officials said.

Trent Atkins, the utility’s director of emergency management, said there’s no timeline on repairs.

“BWL was attacked by a computer virus that placed encryption software on our corporate network,” he said. “The BWL initiated our disaster response and recovery plan by isolating the virus and a self-imposed shutdown of our system.”

In just another snapshot of the growth of ransomware, PCs across multiple organizations could end up suffering from a file-encrypting ransomware attack because of out-of-date software, researchers said.

Ransomware attacks aimed at organizations have been increasingly common and bad guys are coming up with new methods to make their operations more effective and profitable.

Attackers behind a piece of ransomware whose existence came to light in March, called “Samsam,” have been compromising out-of-date JBoss application servers and leveraging them to access other machines on the network in an effort to get them infected, said researchers at Cisco’s Talos.