Research indicates that encryption ransomware attacks are primarily focusing on financial organizations

Sint Maarten, Security Analyst Summit, April 4, 2017 – Kaspersky Lab researchers have discovered an emerging and alarming trend: more and more cybercriminals are turning their attention from attacks against private users to targeted ransomware attacks against businesses. At least eight groups of cybercriminals involved in encryption ransomware development and distribution have been identified, and the attacks have primarily hit financial organizations worldwide. Kaspersky Lab experts have encountered cases where payment demands amounted to over half a million dollars.

The eight identified groups include PetrWrap authors, who have attacked financial organizations worldwide, the infamous Mamba group and six unnamed groups also targeting corporate users. It is worth noting that these six groups were previously involved in attacks targeting mostly private users and used affiliate program models. Now, they have refocused their efforts on corporate networks. According to Kaspersky Lab researchers, the reason for the trend is clear – criminals consider targeted ransomware attacks against businesses potentially more profitable than mass attacks against private users. A successful ransomware attack against a company can easily stop its business processes for hours or even days, making owners of affected companies more likely to pay the ransom.

In general, the tactics, techniques and procedures used by these groups are very similar. They infect the targeted organization with malware through vulnerable servers or spear phishing emails. Then they establish persistence in the victim’s network and identify the valuable corporate resources to encrypt, subsequently demanding a ransom in exchange for decryption. In addition to their similarities, some groups have their own unique features.

For instance, the Mamba group uses its own encryptor malware, based on the open source software DiskCryptor. Once the attackers gain a foothold in the network, they install the encryptor across it, using a legitimate utility for Windows remote control. This approach makes the actions less suspicious to security officers of the targeted organization. Kaspersky Lab researchers have encountered cases where the ransom amounted to up to one bitcoin (valued at around $1,000 at the end of March 2017) per endpoint decrypted.

Another unique example of tools used in targeted ransomware attacks comes from PetrWrap. This group mainly targets major companies that have a large number of network nodes. The criminals carefully select targets for each attack, which can last for some time: PetrWrap has been persistent in a network for up to six months.

“We should all be aware that the threat of targeted ransomware attacks on businesses is rising, bringing tangible financial losses,” said Anton Ivanov, senior security researcher, anti-ransom at Kaspersky Lab. “The trend is alarming as ransomware actors start their crusade for new and more profitable victims. There are many more potential ransomware targets in the wild, with attacks resulting in even more disastrous consequences.”

In order to protect organizations from such attacks, Kaspersky Lab security experts advise the following:

  • Conduct proper and timely backup of your data so it can be used to restore original files after a data loss event.
  • Use a security solution with behavior-based detection technologies. These technologies can catch malware, including ransomware, by watching how it operates on the attacked system, making it possible to detect fresh and as yet unknown samples of ransomware.
  • Visit the “No More Ransom” website, a joint initiative with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
  • Audit installed software, not only on endpoints, but also on all nodes and servers in the network and keep it updated.
  • Conduct a security assessment of the control network (i.e. a security audit, penetration testing, gap analysis) to identify and remove any security loopholes. Review external vendor and third-party security policies in case they have direct access to the control network.
  • Request external cyberthreat intelligence: intelligence from reputable vendors helps organizations to predict future attacks on the company.
  • Train your employees, paying special attention to operational and engineering staff and their awareness of recent threats and attacks.
  • Provide protection inside and outside the perimeter. A proper security strategy has to devote significant resources to attack detection and response in order to block an attack before it reaches critically important objects.

To learn more about Ransomware targeted attacks, please read the blog post available at

Please check to see the tools we developed to help ransomware victims.

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at

Media Contacts:
Sarah Kitsos

Source: Kaspersky Lab
