April 7, 2016 By Douglas Bonderud 2 min read

Ransomware is getting a lot of attention these days. Its popularity makes sense: As noted by Ars Techinca, for example, ransomware phishing emails are now scraping LinkedIn and other sources for reliable data on employees and then shooting legitimate-looking email spears to companies around the world. Once infected, many businesses consider paying out and walking away since they can’t risk bad publicity or the loss of critical files.

Cybercriminals aren’t resting on their laurels. New ransomware incidents suggest that not only are bad guys stepping on the gas, but they’re also changing direction to increase their earnings.

Fast and Locked

Three years ago, ransomware was a niche market; brute-force hacks to grab point-of-sale (POS) data or disrupt corporate operations were the de facto standard. But increasingly sophisticated methods to conceal encryption code and prevent white-hat firms from disinfecting compromised computers, coupled with the massive scare factor of a locked-out device, conspired to make this particular brand of attack a lucrative endeavor. Now, ransomware is an industry unto itself, complete with market leaders, knock-off kits and even customer service.

According to CSO Online, companies are dealing with an influx of ransomware attacks. Security firm Stroz Friedberg saw three to four cases per week over the first quarter of 2016 spread across multiple industries. What’s more, the asking price is on the rise, prompting some companies to consider payment rather than remediation.

Prevention is the ideal defense, either through increased awareness of common tactics or improved detection systems that catch ransomware in its earliest stages. The problem? Malware-makers are changing targets.

Ransomware Incidents Start Fresh

Companies are familiar with common ransomware incidents. Often, legitmate-looking emails arrive in employee inboxes or users are victimized by drive-by downloads. But as noted by PCWorld, the bad guys are changing direction. Now, they’re taking a more direct route by targeting unpatched server-side software.

The threat is called Samsam, and it works like this: Attackers use Jexboss, a legitimate penetration tool, to exploit the JBoss enterprise application server. If they discover unpatched software, it’s possible to install ransomware code directly, in turn compromising all connected computers.

A recent ransomware incident asked for more than $18,500 in bitcoins after a successful Samsam attack. With most companies covering their bases for other, more familiar infection pathways, this innovative attack is a win-win for cybercriminals.

Ransomware is now an industry unto itself. Like any forward-thinking tech vertical, there’s big emphasis on speed and innovation; malware-makers are looking to ramp up their infection volume while also developing new and unexpected ways to slip past corporate defenses. For companies, this means it’s time to buckle up — 2016 may be a bumpy ride.

More from

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones

7 min read - CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed; however, limited technical analysis is publicly available. This article presents my findings while researching this vulnerability. In the end, the reader should be equipped with the information necessary to understand and trigger this vulnerability.Vulnerability detailsThe following Cisco Security Advisory (Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities - Cisco) details CVE-2023-20078 and…

X-Force data reveals top spam trends, campaigns and senior superlatives in 2023

10 min read - The 2024 IBM X-Force Threat Intelligence Index revealed attackers continued to pivot to evade detection to deliver their malware in 2023. The good news? Security improvements, such as Microsoft blocking macro execution by default starting in 2022 and OneNote embedded files with potentially dangerous extensions by mid-2023, have changed the threat landscape for the better. Improved endpoint detection also likely forced attackers to shift away from other techniques prominent in 2022, such as using disk image files (e.g. ISO) and…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today