Researchers at the Russian antivirus company Kaspersky have noticed a large increase in ransomware attacks, especially those targeting large companies and organizations.
One of their researchers, Anton Ivanov, believes that the targets of the attacks are the companies’ servers and network nodes, on which the attackers want to deploy an encryptor. The attacks appear to be simple to carry out, and the encryptors are easily built and available to pretty much everyone. Ivanov has stated that these criminals aren’t even making illegal software; instead, they use legal utilities while thinking “out of the box”.
Ransomware is usually used against ordinary, civilian computers: wide-ranging attacks are conducted, and several successful ransoms are collected. These attacks are different, and many people are worried because of their targeted nature.
It’s believed that companies are right to be scared, since an attack could potentially paralyze all of their business-critical data. All of it could end up behind an encrypted wall.
This process literally turns the traditional purpose of encryption around. The point of encryption was to protect data and devices so that nothing could get through and steal the protected information. Now, encryption traps the data and denies its owners all access.
AlienVault’s security advocate, Javvad Malik, has stated that companies are worried about possible leaks to the media, since ransomware doesn’t exactly hide its presence. In that respect, it’s pretty similar to DDoS attacks. He also stated that this might lead to many questions inside the companies, and that “Executives will directly see the impact and direct many hard questions towards the effectiveness of security controls, what went wrong, how it can be improved etc. Nothing that a CISO will look forward to.”
Ivanov’s advice to worried companies is to take steps immediately to protect themselves, especially when it comes to updating their software. Encode Group UK’s managing director, Graham Mann, said that companies are slow to react when it comes to taking precautions and trying to prevent an attack, as well as recovering from one.
A lot of companies have a hard time after attacks like this, and many of them never manage to recover fully. Even the ones that do will lose at least one entire day’s work. It’s even worse if their entire server farm gets infected, since that might lead to days and days of restoring the data.
Several other companies besides Kaspersky have taken notice of the situation. F5 Networks has said that there’s a better payout when attackers target entire servers instead of individual people, since the companies that own those servers have a lot more money and their data is often far more important.