SECURITY OUTFIT Kaspersky has sounded the alarm bells after discovering that there has been a huge rise in targeted ransomware attacks on large organisations.
Anton Ivanov, a researcher at Kaspersky, said that in late 2016, his team detected an increase in the number of incidents in which malware was used in targeted attacks on large organisations to steal money. The method would be to launch an 'encryptor', i.e. ransomware, on an organisation's network nodes and servers.
He said that this method of attack can be financially rewarding with very little effort. The cost of developing ransomware is significantly lower than that of other types of malicious software, and it is put together specifically to make money and to affect a wide range of potential victims.
"Today, an attacker (or a group) can easily create their own encryptor without making any special effort," said Ivanov.
He gave the example of the Mamba encryptor based on DiskCryptor, a piece of open source software: "Some cybercriminal groups do not even take the trouble of involving programmers; instead, they use this legal utility 'out of the box'."
The method goes as follows: the criminals search for an organisation that has an unprotected server with Remote Desktop Protocol (RDP) access, guess the password or buy access to it on the black market, and then encrypt a node or server manually.
According to Ivanov, the cost of the attack is minimal, while the profit "could reach thousands of dollars".
In some cases, partners of well-known encryptors use the same scheme but they use a version of a ransom program purchased from the group's developer instead.
But Ivanov suggested that the more sophisticated criminals are also "active on the playing field" - meaning that they carefully select targets such as major companies with a large number of network nodes, and then organise attacks that can last weeks.
After seeking out a potential victim and assessing whether there is a possibility of penetration, the criminals would penetrate the organisation's network by using exploits for popular software or Trojans on the infected network nodes.
They would then gain a foothold on the network, research its topology, acquire the necessary rights to install the encryptor on all of the organisation's nodes and servers and finally install it. µ
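
The RDP password-guessing step described above leaves a trail of failed logons that a defender can look for. The following is an added example, not code from Kaspersky or the original article: it flags a source address that produces a burst of failed RDP logons and escalates the alert if a successful logon follows from the same address. The flat record layout, the sample data, and the threshold and window values are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security event IDs: 4625 = failed logon, 4624 = successful logon.
# LogonType 10 is RemoteInteractive (RDP); with NLA enabled, failed RDP
# attempts are commonly recorded as type 3 (Network) instead.
FAILED, SUCCESS = 4625, 4624
RDP_LOGON_TYPES = {3, 10}

# Constructed sample records: time, event id, logon type, source IP, account.
# The CSV layout is an assumption; real events must be exported into it first.
SAMPLE = """\
2017-03-01T02:10:00,4625,10,203.0.113.7,administrator
2017-03-01T02:10:05,4625,10,203.0.113.7,administrator
2017-03-01T02:10:09,4625,10,203.0.113.7,admin
2017-03-01T02:10:14,4625,10,203.0.113.7,backup
2017-03-01T02:10:20,4625,10,203.0.113.7,administrator
2017-03-01T02:10:31,4624,10,203.0.113.7,administrator
2017-03-01T09:00:00,4625,10,198.51.100.20,jsmith
2017-03-01T09:00:20,4624,10,198.51.100.20,jsmith
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, eid, ltype, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), int(eid), int(ltype), ip, user

def detect_rdp_guessing(events, threshold=5, window=timedelta(minutes=5)):
    """Alert on sources with >= threshold failed RDP logons inside the window;
    severity becomes 'critical' if a success later arrives from that source."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerts = {}                   # source IP -> alert record
    for ts, eid, ltype, ip, user in sorted(events):
        if ltype not in RDP_LOGON_TYPES:
            continue
        if eid == FAILED:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:      # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"source": ip, "severity": "warning", "compromised": None}
        elif eid == SUCCESS and ip in alerts and alerts[ip]["compromised"] is None:
            alerts[ip].update(severity="critical", compromised=user)
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_rdp_guessing(parse(SAMPLE)):
        print(alert)
```

The single mistyped password from 198.51.100.20 stays below the threshold and raises no alert, while the burst from 203.0.113.7 followed by a successful logon is reported as critical.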