The ransomware market is expanding rapidly, and new and upgraded strains are released at a fast clip. The FBI recently projected that losses from ransomware infections could reach a billion dollars in 2016 alone.
Here is a list of the most recent releases and/or upgrades:
In late July, thousands of legitimate WordPress business sites were hijacked to deliver ransomware to anyone who visited them. The hijacked sites redirected visitors to another compromised site, where the payload waiting for them was the very latest CryptXXX. If you run WordPress for your website or blog, make sure you upgrade to the latest version. Also keep the number of plugins you use to a minimum, so the attack surface is as small as possible; every plugin is third-party code that needs patching too.
The leading cyber-mafias are innovating furiously to stay ahead of the copycats. Cerber has been updated several times, for example adding a DDoS component and switching to double-zipped Windows Script Files (WSFs) to evade detection. In July, the release of Cerber’s latest version put Office 365 users in the crosshairs: victims were phished, and once they opened the attachment, Cerber encrypted their files.
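The double-zipped WSF trick works because many mail filters only look one archive layer deep, or only at the outer filename. The script below is an added example, not code from the original post or from any vendor: it walks nested zip archives in memory and reports any script-type file it finds at any depth. The sample archive it builds (a benign WSF inside a zip inside a zip) is constructed here to mimic the delivery structure; the extension list and the size and depth limits are assumptions you would tune for your own gateway.

```python
import io
import zipfile

# Script-file extensions commonly abused as mail attachments.
# Constructed list for this example; extend it to match your own policy.
SCRIPT_EXTENSIONS = (".wsf", ".js", ".jse", ".vbs", ".vbe", ".hta", ".cmd", ".bat", ".ps1")

# Guard rails so a malicious archive cannot exhaust the scanner (assumed limits).
MAX_DEPTH = 4
MAX_MEMBER_BYTES = 10 * 1024 * 1024


def find_script_files(data: bytes, depth: int = 0, path: str = "") -> list:
    """Recursively walk zip archives held in memory and return the full
    member paths (outer.zip/inner.zip/file.wsf) of any script files found."""
    if depth > MAX_DEPTH:
        # Flag rather than silently ignore: deep nesting is itself suspicious.
        return [path + " [max nesting depth exceeded]"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            full = f"{path}/{name}" if path else name
            if name.lower().endswith(SCRIPT_EXTENSIONS):
                found.append(full)
            if info.file_size > MAX_MEMBER_BYTES:
                # Skip very large members instead of inflating them (zip-bomb guard).
                continue
            # Recurse into the member; non-zip members return an empty list.
            found.extend(find_script_files(zf.read(info), depth + 1, full))
    return found


def build_double_zipped_wsf() -> bytes:
    """Constructed sample: a harmless WSF wrapped in a zip wrapped in a zip."""
    wsf = b'<job><script language="JScript">WScript.Echo("benign sample");</script></job>'
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("invoice.wsf", wsf)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("invoice.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    # Prints ['invoice.zip/invoice.wsf'] for the constructed sample.
    print(find_script_files(build_double_zipped_wsf()))
```

In a mail gateway you would call `find_script_files` on each attachment and quarantine the message when the list is non-empty; checking the extension of the outer archive's members alone would see only `invoice.zip` and pass it.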
A new ransomware family that surfaced in mid-July has some similarities to CryptoLocker and Jigsaw in how it works. Stampado was marketed to cybercriminals at a fraction of the usual price ($39) and even came with training videos to make sure the buyers deployed it correctly. Stampado encrypts files, then deletes chunks of the hostage files at set intervals if the ransom has not been paid. It typically gives a 96-hour deadline before all files are deleted.
CrypMIC is a copycat of CryptXXX: it tries to rake in Bitcoin with a similar ransom note, and even its payment user interface looks alike. One twist is that CrypMIC does not append any extension to the files it has encrypted, which makes an infection harder to spot and makes it hard to tell which files have been affected.
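When a strain leaves filenames untouched, you cannot inventory the damage by searching for a telltale extension. The scanner below is an added example, not code from the original post: it flags a file as probably encrypted when its extension promises a known format but its header no longer matches, and falls back to a Shannon-entropy test for formats it has no signature for. The signature table, the 7.5 bits-per-byte threshold and the sample files are constructed for this example and are assumptions to adjust for your environment.

```python
import hashlib
import math
import os
from collections import Counter

# Header signatures for a few common document types (constructed subset).
# Office Open XML and zip share the same magic, which is why the signature
# check matters: those formats are compressed and high-entropy even when intact.
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
}

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cutoff, random data is close to 8.0
SAMPLE_BYTES = 4096      # only the head of a file is examined, to keep scans fast


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given buffer (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes) -> bool:
    """True when the file's content no longer looks like what its name claims."""
    ext = os.path.splitext(name)[1].lower()
    signature = MAGIC.get(ext)
    if signature is not None:
        # Known format: a ransomware-overwritten file loses its header.
        return not data.startswith(signature)
    # Unknown format: fall back to entropy of the file head.
    return shannon_entropy(data[:SAMPLE_BYTES]) > ENTROPY_THRESHOLD


def scan_directory(root: str) -> list:
    """Walk a tree and return paths whose content looks encrypted."""
    suspects = []
    for dirpath, _, filenames in os.walk(root):
        for filename in filenames:
            full = os.path.join(dirpath, filename)
            try:
                with open(full, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                continue
            if looks_encrypted(filename, head):
                suspects.append(full)
    return suspects


def pseudo_ciphertext(length: int) -> bytes:
    """Constructed stand-in for encrypted content: deterministic, near-uniform bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(b"sample" + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


if __name__ == "__main__":
    # Constructed samples: an intact PDF head, the same name after encryption,
    # a plain-text note, and a note whose content was replaced with ciphertext.
    print(looks_encrypted("report.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"))   # False
    print(looks_encrypted("report.pdf", pseudo_ciphertext(4096)))         # True
    print(looks_encrypted("notes.txt", b"meeting at ten, bring the slides\n" * 100))  # False
    print(looks_encrypted("notes.txt", pseudo_ciphertext(4096)))          # True
```

The two checks are deliberately layered: an entropy test alone would flag every intact `.docx` and `.zip` on the disk, while a signature test alone says nothing about plain-text or proprietary formats. Run `scan_directory` against a file share snapshot and the output is your list of affected files, independent of whatever the strain did (or did not) do to the names.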
This strain uses Google Docs and other cloud apps to transmit encryption keys and gather user information, blending its traffic with legitimate cloud use to evade detection.
This one looks like a distant relative of Cerber. The malware scans the infected system’s local drives and encrypts over 142 file types, appending a “.bin” extension to each locked file.
This is a copycat of CTB Locker, spread through fake profiles on adult sites. The fake profiles lure users with the promise of access to a password-protected striptease video; clicking the link provided leads to a download of the ransomware.
Discovered in July, this ransomware threatens to delete files unless a 0.2 bitcoin ransom is paid. Insult is added to injury: the files are deleted whether the ransom is paid or not.
Also new in July, this ransomware doesn’t encrypt files at all; it just deletes them.
This ransomware emerged shortly after the app was released. On top of encrypting files, it adds a backdoor admin account to the system and can spread to all removable drives.
As you can see by the lengthy list above, ransomware is spreading fast & furious, with new versions and strains popping up all over the place.
The common factor? All of these ransomware strains rely on social engineering to capture their victims.
Now, more than ever, cybersecurity is extremely important for businesses. You cannot simply relax and hope that your business is too small to be attacked (ransomware spread by social engineering doesn’t care how big or small your business is), or that your filters are going to catch it (they never catch everything). Create your own “human firewall” by informing your employees about the risks, what to watch for, and what to do when they see it.