June 1, 2020 By David Bisson 3 min read

Last week in security news, researchers revealed that the average ransomware demand grew 14 times over a one-year period from 2018 to 2019. Ransomware wasn’t the only malware category that made headlines this past week. A strain of Android malware caught researchers’ attention by limiting its malicious activity to a single capability. Yet another threat received some attention for its growing interest in creating backdoor functionality on infected Windows machines.

Top Story of the Week: A Leap in Ransomware Demand Amounts

Citing industry researchers, Group-IB revealed that the average ransom demanded from a victim increased 14 times, from $6,000 to $84,000, in the span of one year. And this observation didn’t even capture some of the largest ransomware demands of 2019.

Out of all the ransomware families, Ryuk was the worst, according to researchers. In one attack, the crypto-malware coerced two cities in Florida into handing over a combined ransom payment of $1 million. In another attack, threat actors demanded $5 million — the largest demand ever recorded, noted Group-IB — from a town in Massachusetts.

Source: iStock

Also in Security News

  • Portuguese Banks Caught in the Crosshairs of New Grandoreiro Variant: Segurança Informática revealed that it spotted a new variant of the Grandoreiro malware family targeting Portuguese banks. This variant operated similarly to previous versions, but it also improved the way in which it communicated with its command-and-control (C&C) server.
  • Malicious Functionality of DEFENSOR ID Limited to Single Action: Researchers at ESET learned that an Android malware strain called “DEFENSOR ID” had succeeded in bypassing Google Play’s security checks. It did so by limiting its malicious functionality to a single action: requesting access to Accessibility Services for the purpose of emptying victims’ financial accounts.
  • New Flaw Allows Malicious Apps to Masquerade as Legitimate: Promon researchers detected a critical severity vulnerability that enabled malicious Android applications to camouflage themselves as legitimate programs in order to remain hidden. They named the flaw “StrandHogg 2.0” due to its similarities with the original StrandHogg flaw discovered in 2019.
  • Phishers Target Office 365 Details With Fake Supreme Court Subpoenas: A phishing campaign detected by Armorblox sent out attack emails that used “Supreme Court” as the sender identity and used authoritative language to coerce recipients into clicking a “View Subpoena” button. Those who complied found themselves redirected to a fake Office 365 login page.
  • Continued Interest in Backdoor Functionality Held by Sarwent Malware: SentinelOne came across a new sample of the Sarwent malware family that demonstrated sustained interest in using PowerShell commands and other techniques to perform backdoor functionality. Updates to the threat also provided evidence of a preference for abusing Remote Desktop Protocol (RDP).
  • Plaintext Passwords Targeted by Modified Discord Client: According to Bleeping Computer, attackers released a new version of the AnarchyGrabber malware family called “AnarchyGrabber3.” This threat abused a modified Discord client to steal users’ plaintext passwords and relied on commands to spread to victims’ friends on Discord.
  • New Versions of Valak Malware Deployed in U.S., German Campaigns: In April 2020, Cybereason identified multiple attack campaigns leveraging new variants of the Valak malware family to prey on targets in the United States and Germany. Researchers found over 30 versions of the malware, a discovery that suggests that Valak’s authors made many improvements to their creation over a short period of time.
  • Brute-Force Attacks Employed by PonyFinal Ransomware for Gaining Initial Access: Microsoft Security Intelligence revealed that a PonyFinal ransomware campaign leveraged brute-force attacks against a target organization’s systems management server as a means of gaining initial access. The campaign ultimately spread to endpoints with Java Runtime Environment (JRE) enabled to install its payload.

Security Tip of the Week: Strengthen Your Anti-Ransomware Defenses

Security professionals can help their organizations defend against a ransomware attack by making sure they have access to the latest threat intelligence. They can then use that information to stay on top of the latest ransomware attacks and techniques. Additionally, companies should leverage an endpoint management solution to monitor their endpoints for suspicious activity that could be indicative of a ransomware attack.

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today