The ransomware attacks have been at an all-time high in the current year 2016. Security researchers have reported that ransomware like Cryptolocker and newer versions like Locky have been using more cunning and deceitful means to attack the systems and encrypt files and the most dangerous thing is that victims don’t even realize that they have been attacked.
These ransomwares then force the victims to pay the ransom or you can say goodbye to your data if you don’t have a backup. Also, it takes a lot of effort and time to get rid of these infections.
Various ransomware including Cryptolocker, TeslaCrypt, Locky, Petya and SamSam have cropped their heads over the period of January to March. They have infected over millions of systems ranging from small hospitals, stores, etc. to even huge news networks like the BBC, New York Times and the Newsweek.
The reason for this sudden upsurge in this kind of attacks have been attributed by the security researchers of various firms to the upgradation of these malware making them more penetrable and unbreakable by these attackers. These attackers have even been using new distribution methods, in some cases even without any user interaction whatsoever, you can get affected by these ransomware.
Earlier, most ransomware attacks occurred through phishing attacks, which required users to click on dubious infected links, but these new attacks are far craftier and need very little to no user interaction, making them even more dangerous. These attacks nowadays rely more on unpatched problems or negligent security practices.
Ransomware earlier used to target only small businesses and individuals, but now they have been attacking big sites like healthcare sector and online news networks with huge traffic. They have become more sophisticated and use craftier means and thus have become more difficult to detect.
Craig Williams, senior technical leader at Cisco Talos said, “Up till now most ransomware we’ve seen required a person to interact with it to infect the system, this is the first time we’ve seen traditional software being used to distribute ransomware.” He further added, “The frustrating thing about this is, in order to mitigate it all you have to do is follow standard best practices. Patch your servers. Have a backup. It’s that simple,” he said “A lot of people in the health industry don’t have proper administrators or a security staff so as a result things like backups aren’t happening. We think attackers are targeting health care because it’s an industry that will pay and has poor information security structure.”
This clearly means that the cybercriminals have been looking for servers that have neglected to patch a specific vulnerability and try to exploit them. These attacks can be easily undone by patching up the servers properly and having updated backups.
Healthcare sectors have been worst hit by these cyber criminals due to their lax internet security management. Even a story of a California hospital had broken out in February which had to pay $17,000 in bitcoin to cyber criminals to have their patient files decrypted.
Even big news networks like BBC, Newsweek and the New York Times were attacked by hacking tons of ad networks, including Google’s served malicious ransomware-installing ads through the Angler malware kit. These video ads distributed a large number of ransomwares including Cryptolocker, TeslaCrypt, and Locky.
Malwarebytes researcher Jerome Segura said, “We see a rise in malvertising attacks every weekend, but this was really out of the ordinary in terms of the numbers of publishers that were affected and the ad networks that were involved. We’d never seen so many attacks happening all at the same time.”
Though this attack only lasted 24 hours but it’s impact was very severe. This attack had a very widespread reach.
“The ads that were infected were video ads, which is why they made it through,” said Segura. “Most past malware attacks have happened via display ads or traditional ad banners, but this was a new vector and caught everyone by surprise.” He further said that though this campaign has ended temporarily, “We are going to see a lot more of that now since this had such an impressive effect.”
Proofpoint, the cyber security company which discovered that these malware didn’t need the users to interact with the ad at all, one could get the malware by simply visiting the site if they didn’t have up-to-date Flash Player, Silverlight, and Internet Explorer software.