
WATCH: Ransomware Is More Sophisticated Than Ever, Report Says

A new report from Sophos sheds light on the rise of targeted ransomware. Here’s what partners need to know.


Reports of ransomware may be fading from the headlines, but a new report from Sophos finds that the threats are actually steadily increasing.

“A lot of victims of ransomware don’t come forward - don’t report it to authorities, which leads to reports of ransomware going down,” said Peter Mackenzie, Global Malware Escalations Manager at U.K.-based security software firm Sophos. “We would say that’s the opposite. It’s becoming more sophisticated, more targeted, more destructive to the people it hits.”

Targeted ransomware has the power to extract more money from one victim than all of the WannaCry ransoms put together. Sophos’ report takes a deep dive into a few recent attack examples: SamSam, BitPaymer and Dharma.

“These ransomware attacks target individual organizations and typically they either take out all their servers or take out all their servers and their endpoints, and basically take out as much of that company as possible without spreading around the world,” said Mackenzie.


The numbers speak for themselves. Since 2015, SamSam has stolen over $6 million, and BitPaymer has nabbed $1 million in just one month. Mackenzie tells CRNtv that the victims most at risk are those who leave their organizations vulnerable with weak passwords.


Sophos reports that typical targeted attacks follow a similar structure. The attackers gain entry via a weak RDP (Remote Desktop Protocol) password, escalate their privileges until they’re an administrator, use those access rights to overcome security software, spread and run ransomware that encrypts a victim’s files, leave a note demanding payment and then wait for the victim to contact them via email or the dark web.

But while each attack is very similar, Sophos reports that what makes targeted attacks so threatening is that the attackers are on hand to improvise.

“Writing ransomware that isn’t detected by security software is no easy task, so attackers will often look for a way to outflank it by exploiting operating system vulnerabilities that let them elevate their privileges,” writes Mark Stockley in the report.


Mackenzie says solution providers should act as trusted advisors for their customers. He says a strict patching protocol for the operating systems and the applications that run on them is critical. But for the worst-case scenario, in which a customer is hit by an attack, he shares this tip:

“Make sure they have offsite and offline backups. The key word is offline. In these kinds of attacks, the bad guys got into your network and they are using your domain admin accounts. Those are the same accounts you use to access your backups. So if they can access your backup, they will encrypt or use your backups. You need to have them inaccessible to the bad guys.”

For more of Mackenzie’s interview, watch the above video.
