Last week in security news, researchers revealed that the average ransomware demand grew 14 times over a one-year period from 2018 to 2019. Ransomware wasn’t the only malware category that made headlines this past week. A strain of Android malware caught researchers’ attention by limiting its malicious activity to a single capability. Yet another threat received some attention for its growing interest in creating backdoor functionality on infected Windows machines.

Top Story of the Week: A Leap in Ransomware Demand Amounts

Citing industry researchers, Group-IB revealed that the average ransom demanded from a victim increased 14 times, from $6,000 to $84,000, in the span of one year. And this observation didn’t even capture some of the largest ransomware demands of 2019.

Out of all the ransomware families, Ryuk was the worst, according to researchers. In one attack, the crypto-malware coerced two cities in Florida into handing over a combined ransom payment of $1 million. In another attack, threat actors demanded $5 million — the largest demand ever recorded, noted Group-IB — from a town in Massachusetts.

Source: iStock

Also in Security News

  • Portuguese Banks Caught in the Crosshairs of New Grandoreiro Variant: Segurança Informática revealed that it spotted a new variant of the Grandoreiro malware family targeting Portuguese banks. This variant operated similarly to previous versions, but it also improved the way in which it communicated with its command-and-control (C&C) server.
  • Malicious Functionality of DEFENSOR ID Limited to Single Action: Researchers at ESET learned that an Android malware strain called “DEFENSOR ID” had succeeded in bypassing Google Play’s security checks. It did so by limiting its malicious functionality to a single action: requesting access to Accessibility Services for the purpose of emptying victims’ financial accounts.
  • New Flaw Allows Malicious Apps to Masquerade as Legitimate: Promon researchers detected a critical severity vulnerability that enabled malicious Android applications to camouflage themselves as legitimate programs in order to remain hidden. They named the flaw “StrandHogg 2.0” due to its similarities with the original StrandHogg flaw discovered in 2019.
  • Phishers Target Office 365 Details With Fake Supreme Court Subpoenas: A phishing campaign detected by Armorblox sent out attack emails that used “Supreme Court” as the sender identity and used authoritative language to coerce recipients into clicking a “View Subpoena” button. Those who complied found themselves redirected to a fake Office 365 login page.
  • Continued Interest in Backdoor Functionality Held by Sarwent Malware: SentinelOne came across a new sample of the Sarwent malware family that demonstrated sustained interest in using PowerShell commands and other techniques to perform backdoor functionality. Updates to the threat also provided evidence of a preference for abusing Remote Desktop Protocol (RDP).
  • Plaintext Passwords Targeted by Modified Discord Client: According to Bleeping Computer, attackers released a new version of the AnarchyGrabber malware family called “AnarchyGrabber3.” This threat abused a modified Discord client to steal users’ plaintext passwords and relied on commands to spread to victims’ friends on Discord.
  • New Versions of Valak Malware Deployed in U.S., German Campaigns: In April 2020, Cybereason identified multiple attack campaigns leveraging new variants of the Valak malware family to prey on targets in the United States and Germany. Researchers found over 30 versions of the malware, a discovery that suggests that Valak’s authors made many improvements to their creation over a short period of time.
  • Brute-Force Attacks Employed by PonyFinal Ransomware for Gaining Initial Access: Microsoft Security Intelligence revealed that a PonyFinal ransomware campaign leveraged brute-force attacks against a target organization’s systems management server as a means of gaining initial access. The campaign ultimately spread to endpoints with Java Runtime Environment (JRE) enabled to install its payload.

Security Tip of the Week: Strengthen Your Anti-Ransomware Defenses

Security professionals can help their organizations defend against a ransomware attack by making sure they have access to the latest threat intelligence. They can then use that information to stay on top of the latest ransomware attacks and techniques. Additionally, companies should leverage an endpoint management solution to monitor their endpoints for suspicious activity that could be indicative of a ransomware attack.

More from

New Attack Targets Online Customer Service Channels

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious actors are leveraging the helpful nature of customer service agents to deliver their payload and drive the infection process. Here’s a look at how IceBreaker…

Operational Technology: The evolving threats that might shift regulatory policy

Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. Attacks on Operational Technology (OT) and Industrial Control Systems (ICS) grabbed the headlines more often in 2022 — a direct result of Russia’s invasion of Ukraine sparking a growing willingness on behalf of criminals to target the ICS of critical infrastructure. Conversations about what could happen if these kinds of systems were compromised were once relegated to “what ifs” and disaster movie scripts. But those days are…

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…