Barracuda

Reclaim Your Network

You are here: Home / Archives for Ransomware

Time to Turn SMB Herd Mentality into a Mutual Defense Strategy

by Leave a Comment

When it comes to IT security most small-to-medium (SMB) businesses have a herd mentality. They know there are predators. They just assume that given the size of the SMB they figure that the odds are good some company other than them will fall victim. What that thinking fails to account for is how efficient the predators are becoming at hunting.

A new report from Malwarebytes, a provider of malware removal tools, published this week makes plain the size and scope of the problem. The report finds that amount of malware being discovered with SMB organizations in the U.S. with fewer than 1,000 employees from the first quarter of 2016 to the same period in 2017 has increased a startling 165 percent. Even accounting for the fact that organizations might be getting better at discovering malware, that increase in volume suggests that either there are a lot more predators or they have become much more efficient in terms of launching attacks. The truth is a little bit of both. Cyber criminals have developed an elaborate marketplace through which they sell and share exploits. That makes it simpler for cyber criminals with limited skills to employ malware. At the same time, cybercriminals are taking advantage of bots and adware to spread malware more broadly than ever.

[Read more…]

Wannacry, Erebus, and Mole make it a big week for ransomware

by Leave a Comment

There’s so much going on with ransomware that we can’t stick to just one topic.  This week we’ll take a look at three interesting attacks that occurred around the world. 



Let’s start with Wannacry, which is probably the most famous ransomware in history.  Last time we talked about this ransomware, it was in full attack mode around the globe.  Eventually, this attack settled into an ebb and flow pattern, on a much smaller scale.  The news around Wannacry had slowed to a trickle until Monday, when attackers were able to successfully use the ransomware against Honda networks in North America, Japan, Europe, and China.

In response to this attack, Honda stopped operations at its Sayama plant, which manufactures about 1,000 vehicles per day.  Sayama operations were back online by Tuesday, and no other facilities were impacted by the ransomware.  Honda did make an extra effort to secure its systems during the May attack and gave no details on how the ransomware made its way into the systems this week. 

[Read more…]

Ransomware and K-12 – Threats and Solutions: Training and Awareness

by Leave a Comment

*Note: This is the first post in a multi-part blog series that addresses ransomware threats and solutions in K-12 environments.

In February of 2016, South Carolina’s Horry County School District had no choice but to pay a $10,000 ransom to unlock critical data and systems following a ransomware attack. But, could the attack have been prevented — or perhaps after the school district was attacked, could they have avoided paying the ransom?

It’s no secret that we’re right in the middle of a ransomware epidemic, where the example here of Horry County having to pay to unlock critical files has become far too common. But what if Horry County’s users were more aware of how to detect possible threats like ransomware? Would the outcome have been different? Let’s take a look at why proactive user training and awareness can help keep students and faculty stay safe from cyber threats. 

[Read more…]

What can we learn from the UCL ransomware attack?

by Leave a Comment

Just in time for our Thursday ransomware post, news breaks that University College London has been hit by a ransomware attack that brought down the UCL student management system as well as shared network drives.  Some of the closely related University College London Hospitals have also shut down their email systems to quarantine themselves from attack.  There are no reports of the hospital group being affected by the ransomware other than this preventative downtime.

What do we know?

The particular ransomware strain is unknown, as is the infection method.  UCL initially believed that the ransomware attack was launched through a phishing attack on Wednesday afternoon (BST).  Phishing is one of the most common methods of ransomware deployment.  According to a recent report by PhishMe, the number of phishing emails hit 6.3 million in the first quarter of this year, and 93% of them included ransomware.

Put simply; a phishing attack is an email designed to trick the recipient into taking a particular action.  The action may be to enter credentials into a form, visit a compromised website, or open a malicious attachment.  Attackers research their targets and craft their email attack based on what they learn.  A more sophisticated version of this is a spear phishing attack.  Spear phishing is more personal and has a higher success rate.  There aren’t enough details about the UCL attack to know what kind of phishing may have been used to deploy the ransomware. 

[Read more…]

Cyberattacks: A real business concern

by Leave a Comment

Email remains the number one threat vector. This is backed up (again) by a recent Barracuda survey, which found that of those organizations able to identify the source of a ransomware attack, a staggering 76 percent came through email.

And when it comes to email threats, phishing – and particularly spear phishing – have become a lucrative art. These attacks work because they are personalized. Criminals go to great lengths to create very compelling attacks, leveraging the incredible amount of information we make available online.

All it takes is one click on a malicious file or link, or one send of sensitive materials to an impostor, and the future of your business could be in jeopardy.

[Read more…]

Spear phishing and ransomware are a perfect match

by Leave a Comment

The latest edition of Social Engineer Newsletter includes an article on the psychology behind ransomware.  The author, Mike Hadnagy, talks about why people fall for ransomware attacks and then gets into some methods that help protect people from this crime. 

Hadnagy uses a few different examples, but the one that stands out is something that happened to his friend a few months ago.  She was at work processing invoices, and she opened an email that looked legitimate.  The attachment was supposed to be an invoice, and she didn’t notice that the email wasn’t sent by a legitimate party.  Shortly after opening the email and attachment, she was presented with a Cerber Ransomware instruction screen.

What happened here is easy to see:  the victim was involved in her work and automatically started processing her next task (the email) without realizing that task had been poisoned by an attacker.   We’ve blogged about this before here and here:   the user is the weakest link in the organization because the user is subject to fatigue and distraction.  Criminals know this, so they do their best to reach specific individuals with an email based on a believable premise.

[Read more…]

Ransomware never stands still

by Leave a Comment

Last year I wrote about the evolution of ransomware, from the first floppy drive to the domination of Crytowall, Locky, and Teslacrypt.  In the 14 months since that post, the ransomware business has boomed.  

Here are just a few of the things ransomware has accomplished in the past year:

We could go on and on, but you get the idea.

[Read more…]

Barracuda

Resources


Websites

Contact Us

Follow Us