A large-scale ransomware attack reported to be caused by a variant of the Petya ransomware is currently hitting various users, particularly in Europe. This variant, which Trend Micro already detects as RANSOM_PETYA.SMA, is known to use both the EternalBlue exploit and the PsExec tool as infection vectors.Read More
In early December, GoldenEye ransomware (detected by Trend Micro as RANSOM_GOLDENEYE.A) was observed targeting German-speaking users—particularly those belonging to the human resource department. GoldenEye, a relabeled version of the Petya (RANSOM_PETYA) and Mischa (RANSOM_MISCHA) ransomware combo, not only kept to the James Bond theme of its earlier iteration, but also its attack vector.
Given ransomware’s likely outlook to reach a plateau, persistence in the threat landscape and diversification of target victims are the names of the game. GoldenEye exemplifies bad guys trying to gain scale, leverage, and profit with rehashed malware.Read More
Apart from understanding the ransomware tactics and techniques beyond encryption, it is equally important to understand how they arrive in the environment. Our recent analysis reveals that majority of ransomware families can be stopped at the exposure layer—web and email. In fact, Trend Micro has blocked more than 66 million ransomware-related spam, malicious URLs, and threats from January to May 2016.Read More
How do companies regardless of size and industry prepare for ransomware attacks? A recent study revealed that businesses are considering saving up Bitcoins, just in case they get hit by these threats and can recover their confidential files in a short span of time. While we don’t recommend succumbing to the ransom payment as it doesn’t guarantee that you’ll get your files back plus you’ll be prone to more ransomware attacks, we can’t also blame these large organizations and businesses for doing so.Read More
In the first four months of 2016, we have discovered new families and variants of ransomware, seen their vicious new routines, and witnessed threat actors behind these operations upping the ransomware game to new heights. All these developments further establish crypto-ransomware as a lucrative cybercriminal enterprise. As we predicted, this year is indeed shaping up to be the year of online extortion, and while the security industry may be doing an admirable job of keeping up with the latest new tactic and providing solutions, the not-so informed public and organizations may very well be on the receiving end of a crippling malware that can destroy personal and corporate files, as well as lead to huge financial losses.Read More