Targeted ransomware attacks on large organisations are on the rise, security software company Kaspersky has warned.
Kaspersky researcher Anton Ivanov said that in late 2016 his team detected a big increase in the number of incidents of malware being used to target attacks on major organisations with the explicit purpose of extorting money.
The typical method would be to launch an encryptor - ransomware - on an organisation's network nodes and servers, he added.
He said that these kinds of attack can be financially rewarding with very little effort; the cost of developing a ransom program is significantly lower than other types of malicious software, and they are specifically put together to make money and affect a wide range of potential victims.
"Today, an attacker (or a group) can easily create their own encryptor without making any special effort," said Ivanov.
He gave the example of the Mamba encryptor, based on DiskCryptor, a legitimate piece of open-source software.
"Some cybercriminal groups do not even take the trouble of involving programmers; instead, they use this legal utility ‘out of the box'," he said.
The method goes as follows: the criminals would search for an organisation that has an unprotected server with Remote Desktop Protocol (RDP) access, they would guess the password or buy access to it on the black market, and then they would encrypt a node or server manually.
According to Ivanov the cost of the attack is minimal, while the profit "could reach thousands of dollars".
In some cases, partners of well-known encryptors use the same scheme but they use a version of a ransom program purchased from the group's developer instead.
But Ivanov suggested that the more sophisticated criminals are also "active on the playing field" - meaning that they carefully select targets such as major companies with a large number of network nodes, and then organise attacks that can last weeks.
After seeking out a potential victim and assessing whether there is a possibility of penetration, the criminals would penetrate the organisation's network by using exploits for popular software or Trojans on the infected network nodes.
They would then gain a foothold on the network, research its topology, acquire the necessary rights to install the encryptor on all of the organisation's nodes and servers and finally install it.
Join Computing in London on 4 May for the Cyber Security Strategy Briefing 2017 for the Financial Sector.
Speakers include Adam Koleda, IT director of insurance firm BPL Global; Peter Agathangelou, associate director of Hamilton Fraser Insurance; and, Dr Kuan Hon, consultant lawyer at law firm Pinsent Masons.
Attendance is free to qualifying IT professionals and IT leaders - register now!
Facebook told by Brussels-based court to stop tracking non-users and to delete all data held on them
Supply chain and manufacturing experience could give Dyson an important edge
New VR Zone Portal arcades open in London and Tunbridge Wells
Systems-on-a-chip with integrated AI features could make voice and facial recognition