Heads-up! Individual ransomware payments are getting very expensive. Companies are stockpiling Bitcoin in case they are hit, and a new low-profile strain of ransomware is actually causing a data breach. If you need more IT security budget, this is the most powerful ammo I have seen.
If you have not yet rolled out new-school security awareness training, I suggest you drop what you are doing, walk over to the person who holds the budget strings, and tell them: "We urgently need to start training and phishing our users, and I need budget now."
Health Center Paid 68 Bitcoins To Get 250 Machines Back
We were called by a health center that had 250 machines encrypted, including their MRI and other medical devices all running old versions of Windows. They first paid 28 Bitcoin, but then the bad guys wanted 128 instead. Ultimately the negotiations settled on 68 Bitcoin, which at the moment is just under 40 grand, according to the Bitcoin price index. The health center is back in business after 5 days of downtime. Here are a few other stories that have surfaced in the press, meaning there are dozens if not hundreds more that have been kept under wraps.
University Pays Hackers $20,000 To Get Back Its Ransomware Infected Files
“Recently, the University of Calgary in Alberta paid a ransom of $20,000 to decrypt its computer systems’ files and regain access to its own email system after getting hit by a ransomware infection. The University fell victim to ransomware last month, when the malware installed itself on computers, encrypted all documents and demanded $20,000 in Bitcoins to recover the data.”
How Hackers Held A School District Hostage For Almost $10,000
This is what happened to Horry County Schools (HCS) of Conway, S.C., earlier this year. Using a type of malicious software designed to block access to a computer system until a sum of money is paid (aka, “ransomware”), on February 8 hackers used high-level encryption to lock up the district’s data. The criminals then held that data for ransom and demanded the district pay nearly $10,000 via Bitcoin for the encryption key.
Companies Are Stockpiling Bitcoin in Case They Get Infected with Ransomware
A study among UK companies shows that many of them are building a reserve in various cryptocurrencies like Bitcoin, in case they are infected with ransomware and need to pay cybercriminals. Of 250 UK IT and security managers surveyed by Citrix and Censuswide, about one third of UK businesses are worried enough about a cyber attack to create these accounts.
It was also discovered that UK companies hit with ransomware are willing to pay a lot of money to get their files and IP (intellectual property) back, as much as £50,000 ($72,700).
Broken down by company size, the share of businesses building such a reserve is 36 percent of companies with 250-500 employees, 57 percent of businesses with 501-1,000 employees, and 18 percent of firms with over 2,000 employees.
Low-profile Crysis Ransomware Is Actually Causing A Data Breach
Since the sudden demise of TeslaCrypt, we were looking for Locky to grab more market share but something unexpected happened. Researchers at ESET have discovered that an under-the-radar ransomware known as Crysis has been silently and quickly gaining momentum, and is currently even more prevalent than Locky.
According to ESET, Crysis encrypts virtually all file types – including those with no extension – on fixed, removable and network drives. “Most ransomware families are encrypting files with specific extensions, so this behavior is unusual,” said Ondrej Kubovic, EMEA security specialist, in an email interview with SCMagazine.com. “As a result, the affected computer may become unstable.”
Crysis was first detected in February 2016, and it spreads through a number of vectors. The most common one is widespread phishing emails carrying attachments with double file extensions, which make executable files appear to be non-executable: because Windows Explorer hides known file extensions by default, a file named invoice.pdf.exe is displayed as invoice.pdf, and double-clicking it runs the executable. The bad guys are also “disguising malicious files as harmless-looking installers for various legitimate applications, which they have been distributing via various online locations and shared networks,” the ESET blog post states.
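Here is a small attachment screener that catches the double-extension trick described above. It is an added example written for this post, not code from ESET or from any product, and the attachment names, file headers and extension lists are constructed for illustration. It goes one step beyond the text: besides the name check, it sniffs the first bytes of the file for the `MZ` header that every Windows PE executable starts with, which catches a plain renamed executable (photo.jpg that is really an .exe) that no name-based rule would flag.

```python
"""Screen e-mail attachments for executables hiding behind a
document-looking name (added example, not from the original post)."""
from typing import List, Tuple

# Extensions Windows will execute directly when the file is opened.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "msi", "ps1"}
# Extensions phishers use as the decoy half of a double extension.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}


def displayed_name(filename: str) -> str:
    """Approximate what Explorer shows with 'Hide extensions for known
    file types' on (the Windows default): the last extension is stripped,
    so 'Invoice.pdf.exe' is rendered as 'Invoice.pdf'."""
    base, dot, ext = filename.rpartition(".")
    if dot and ext.strip().lower() in EXECUTABLE_EXTS | DECOY_EXTS:
        return base
    return filename


def classify(filename: str, head: bytes = b"") -> Tuple[bool, str]:
    """Return (suspicious, reason) for one attachment.

    `head` is the first few bytes of the file if the mail gateway has them;
    it is optional so the name checks still work on their own.
    Each dot-separated part is stripped so the padding trick
    'scan.pdf                 .scr' is not missed."""
    parts = [p.strip() for p in filename.lower().split(".")]
    if len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS:
        return True, f"double extension: looks like .{parts[-2]} but runs as .{parts[-1]}"
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTS:
        return True, f"direct executable attachment (.{parts[-1]})"
    # PE executables begin with the 'MZ' DOS header whatever they are named.
    if head[:2] == b"MZ" and (len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS):
        return True, "PE header (MZ) under a non-executable name"
    return False, "ok"


# Constructed sample attachments: (filename, first bytes of content).
SAMPLE_ATTACHMENTS = [
    ("Invoice_2016-06.pdf.exe", b"MZ\x90\x00"),          # classic double extension
    ("Quarterly Report.docx", b"PK\x03\x04"),            # real OOXML document
    ("photo.jpg", b"MZ\x90\x00"),                        # renamed executable
    ("setup.exe", b"MZ\x90\x00"),                        # undisguised executable
    ("scan.pdf                 .scr", b"MZ\x90\x00"),    # whitespace-padded decoy
    ("notes.txt", b"hello"),                             # plain text
]


def screen(attachments) -> List[Tuple[str, bool, str]]:
    """Classify every attachment; returns (name, suspicious, reason)."""
    return [(name, *classify(name, head)) for name, head in attachments]


if __name__ == "__main__":
    for name, suspicious, reason in screen(SAMPLE_ATTACHMENTS):
        flag = "BLOCK" if suspicious else "allow"
        print(f"{flag:5} {name!r:40} shown as {displayed_name(name)!r:25} {reason}")
```

The name rule alone flags three of the six constructed samples; the `MZ` sniff adds the renamed photo.jpg. A gateway that only looks at the last extension would pass photo.jpg, and a user who only sees Explorer's display name would see Invoice_2016-06.pdf, which is exactly why the user-side training the post argues for has to go alongside the filter.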
Here Is How Crysis Causes A Data Breach
Beyond encryption, this ransomware grabs admin privileges, collects the victim computer's name and some of the encrypted files, and sends them to a remote command and control server. Files leaving the building puts you in actual data breach territory, with the notification and legal obligations that come with it, and absolutely no one wants to go through one of those: they are incredibly disruptive and extremely expensive.
I strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will, because your filters never catch all of it. Get a quote and you will be pleasantly surprised.