A nasty new breed of ransomware that can affect entire networks has concerned the FBI enough for it to ask the security industry for assistance in tackling the threat.
A Reuters report said that the FBI sent a private alert about the MSIL/Samas.A malware threat in a message saying: "We need your help!"
The Samas ransomware is particularly nasty as it encrypts data on entire networks, rather than just one computer at a time. As a result, the potential demands could be a lot higher, and the havoc far greater.
Security firm Cisco Talos said it had already observed MSIL/Samas.A in action and noted its dangers, particularly for the healthcare sector.
"Cisco Talos is currently observing a widespread campaign leveraging the Samas/Samsam/MSIL.B/C ransomware variant. Unlike most ransomware, SamSam is not launched via user-focused attack vectors, such as phishing campaigns and exploit kits," said the firm in a blog post last week.
"This particular family seems to be distributed by compromising servers and using them as a foothold to move laterally through the network to compromise additional machines which are then held for ransom. A particular focus appears to have been placed on the healthcare industry."
Microsoft has also seen the ransomware in action and explained more about how it operates in a post last week.
"It starts with a pen-testing/attack server searching for potential vulnerable networks to exploit with the help of a publicly available tool named reGeorg, which is used for tunnelling," the firm said.
"Java-based vulnerabilities were also observed to have been used, such as direct use of unsafe JNI with outdated JBOSS server applications."
Meanwhile, Trend Micro has seen another new crypto-ransomware variant dubbed Petya that is delivered via Dropbox or email.
"We do note that this isn't the first time that malware has abused a legitimate service for its own gain. However, this is the first time (in a long time) that it leads to crypto-ransomware infection. It is also a departure from the typical infection chain, wherein the malicious files are attached to emails or hosted in malicious sites and delivered by exploit kits," said Trend Micro in a blog post.
"Reportedly, Petya is still distributed via email. Victims would receive an email tailored to look and read like a business-related missive from an 'applicant' seeking a position in a company. It would present users with a hyperlink to a Dropbox storage location, which supposedly would let the user download said applicant's CV."
Dropbox moved fast to strip the infected files from its service.
"We take any indication of abuse of the Dropbox platform very seriously and have a dedicated team that works around the clock to monitor and prevent misuse of Dropbox," the firm added in a statement.
"Although this attack didn't involve any compromise of Dropbox security, we have investigated and have put procedures in place to proactively shut down rogue activity like this as soon as it happens."