
Ransomware Updates: Newest Threats, Protection Best Practices

  • Posted on: September 20, 2017
  • Posted in: Industry News, Security
  • Posted by: Trend Micro
Advancing ransomware capabilities enable hackers to tailor the ransom amount depending upon the number of infected systems.

 

Ransomware has consistently been in the spotlight since attacks first began emerging a few years ago. Now that new and powerful samples like WannaCry are being used to infiltrate large-scale organizations, ransomware continues to grab headlines.

According to Trend Micro, one of the latest ransomware attacks involving the fearsome sample WannaCry took place in mid-August, when LG Electronics was infected. Due to the breach of the company’s service centers, service kiosks had to be shut down to prevent the ransomware from infecting other systems in the business.

This instance, like many in the news lately, demonstrates the threat that ransomware can pose to businesses in any industry. The first step toward protection is awareness, including education about the latest threats. In today’s ransomware update, we’ll take a look at some of the newest attack styles being used today, as well as the best ways your organization can guard against ransomware.

New Locky variants discovered

Locky is a formidable ransomware sample, typically categorized in the same league as WannaCry. In late August, Trend Micro researchers discovered new variants of this sample, adding to the growing RANSOM_LOCKY family.

The variants are connected to several ransomware campaigns, backed by more than 11,600 unique IP addresses within over 130 countries. In a single day, the campaigns were responsible for more than 62,000 spammed messages, which include a malicious, attached Word document, .pdf file or image file. Once opened, the sample encourages victims to enable certain capabilities that allow ransomware detection by some onboard security solutions. Victims are then asked to pay 1 bitcoin, or about $2,200 to $4,200, for the return of their encrypted files.

Currently, there are several Locky variants being used, including at least three versions popping up in recent weeks. In this way, Locky continues to be a top threat when it comes to ransomware infections.

SAMSAM demands increasingly costly ransom

SAMSAM, a sample that first emerged in April, appears to have been updated with new capabilities lately. According to Trend Micro, hackers now have more visibility over the infection than ever before and are tailoring their ransom demands according to the number of affected systems.

Alongside heightened reports of SAMSAM distribution, security researchers also discovered changes in ransom demands. SAMSAM requests 1.7 bitcoin, or approximately $7,267 if one machine is infected, and the ransom increases to 6 bitcoin, or more than $25,000 if more than one system is affected – and even with payment, hackers will only decrypt half of the infected hardware systems. SAMSAM demands 12 bitcoin, or $51,000, to decrypt all maliciously encrypted machines.

This case demonstrates the strong motivation behind ransomware infections. Cybercriminals are known to make considerable profit, especially with a sample like SAMSAM that demands such a considerably high ransom.

Defray targets specific industries

While every organization can be a victim of ransomware, certain samples, like the recently discovered Defray, focus on specific verticals. Trend Micro reported that Defray appears to favor victims in the health care, education, manufacturing and technology spaces, leveraging advanced phishing emails to support infection. Victims are asked to pay $5,000 for decryption, and are urged to use either email or BitMessage to communicate with hackers and organize payment.

Businesses in these industries should be particularly aware of Defray, and ensure that IT and security admins make efforts to educate employees about phishing emails and other suspicious activity.

Ransomware continues to be a top cybersecurity threat, and remaining educated about the latest threats is a beneficial step toward proactive protection.

CRYPSHED leans on the legitimacy of Amazon

One of the latest ransomware advancements centers around CRYPSHED and its new variant that disguises itself as an Amazon confirmation email. Hackers have been leveraging increasingly sophisticated messages to encourage victims to open and launch infections, and this new CRYPSHED variant falls perfectly in step with these practices. The sample’s malicious email even includes the “amazon.co.uk” logo in its header, further hoping to trick victims.

Guarding against ransomware

The vast majority of ransomware samples have one thing in common: they leverage a malicious email that typically includes an infected link or attachment to launch the ransomware file within the victim’s system. In this way, the best way to guard against infection is to block samples at the web and email gateways within your organization’s infrastructure.

Check out this blog to find out more about protection best practices, and contact Trend Micro about advanced security solutions today.
