Survey: Ransomware Attacks Against Businesses on the Rise

Survey: Ransomware Attacks Against Businesses on the Rise

Cybercriminals are continuing to carry out ransomware attacks on organizations at a greater frequency, according to two new reports highlighted by Cnet’s Laura Hautala this week:

According to Verizon’s annual Data Breach Investigations Report, released Tuesday, ransomware attacks doubled in the last year. That’s especially alarming considering that they doubled the year before, too. … Ransomware accounted for 39 percent of all new malware infections tallied up in the Verizon report, which looks at more than 53,000 security incidents drawn from Verizon cybersecurity customers as well as reports from the US Secret Service and an international consortium of private sector companies.

The numbers match up with findings released Monday by cybersecurity company Malwarebytes, which found that while hackers are targeting consumers with ransomware less frequently, they’re hitting businesses with more of the attacks.

The threat of ransomware was thrown into stark relief last year, when the WannaCry attack, the largest such cyberattack in history, struck over 300,000 machines in 150 countries, exploiting a vulnerability in outdated versions of Microsoft Windows to lock victims out of their computers and demand ransoms of hundreds of dollars to restore access to their documents and data. Most ransomware attacks are much less sophisticated than WannaCry, which the US government ultimately blamed on North Korea, and rely on phishing scams that trick users into handing passwords or other personal data over to hackers, who can use this information to gain control of their devices.

Phishing and ransomware are of concern for HR departments in particular, first because this part of the organization is often a soft target for cybercriminals and second because employee behavior is the main weak point in most organizations’ cybersecurity strategies.

Read more

Ransomware Targets HR Departments with Fake Applications

Ransomware Targets HR Departments with Fake Applications

Ransomware is a form of cyberattack in which the attacker encrypts certain files on a user’s computer, locks them out of vital programs, or freezes their desktop, then demands payment to undo the damage—hence the name. HR professionals are particularly vulnerable to this form of malware as their jobs often require them to open emails and attachments from unknown sources. At ZDNet, Danny Palmer warns of a new ransomware program known as GoldenEye, a variant of the Petya family of ransomware, that exploits this vulnerability by disguising the malicious program as an innocuous job application:

The initial email contains a short message from the fake applicant, directing the victim to two attachments. The first is a covering letter within a PDF which doesn’t actually contain any malicious software, but is intended to reassure the target that they’re dealing with a standard job application. However, the second attachment is an Excel file supposedly containing an application form but which in fact contains the malicious GoldenEye payload.

Upon opening the Excel attachment, the target is presented with a document which claims to be ‘Loading’ and requires them to enable Macros to view the file. When Macros are enabled, GoldenEye executes a code and begins encrypting the users’ files before presenting them with a ransom note using yellow text — rather than the red or green used by other Petya variants.

The new ransomware campaign comes at a time when this type of attack is on the rise. Last month, Computerworld’s Lucian Constantin reported that encryption-based ransomware attacks were becoming more common and that criminals were increasingly targeting enterprises rather than individuals:

Read more