
SoylentNews is people

posted by cmn32480 on Sunday June 26 2016, @04:43PM
from the check-your-backups dept.

Original URL: http://www.computerworld.com/article/3088094/security/the-number-of-corporate-users-hit-by-crypto-ransomware-is-skyrocketing.html

The prevalence of ransomware programs, both those that encrypt data and those that don't, has exploded over the past two years, with companies being increasingly targeted.

Based on an analysis by security vendor Kaspersky Lab, more than 2.3 million users encountered ransomware between April 2015 and March, a jump of almost 18 percent over the previous 12 months.

This includes programs that only lock the computer's screen to prevent its use as well as those that hold the data itself hostage by encrypting it -- the so-called cryptors. The rise of cryptors in particular has been significant, accounting for 32 percent of all ransomware attacks last year compared to only 7 percent the year before, according to Kaspersky Lab.

The number of users hit by crypto ransomware during the period studied grew 5.5 times to reach more than 700,000, while the number of corporate users in particular who encountered such threats rose from 27,000 to 159,000 -- an almost six-fold increase.

Corporate users represented over 13 percent of all ransomware victims between April 2015 and March 2016, nearly double that of the year before.

-- submitted from IRC



  • (Score: 2) by Runaway1956 on Sunday June 26 2016, @05:22PM

    by Runaway1956 (2926) Subscriber Badge on Sunday June 26 2016, @05:22PM (#366086) Journal

    Gotta redistribute the wealth. This is just part of the plan, nothing to worry about.

    • (Score: 3, Insightful) by mcgrew on Sunday June 26 2016, @05:30PM

      by mcgrew (701) <publish@mcgrewbooks.com> on Sunday June 26 2016, @05:30PM (#366091) Homepage Journal

      Yes, away from stupid rich people and into the hands of smart rich people who know the value of backing up your data. I can't believe how incredibly stupid some of the wealthiest are.

      --
      mcgrewbooks.com mcgrew.info nooze.org
      • (Score: 1) by Ethanol-fueled on Sunday June 26 2016, @05:53PM

        by Ethanol-fueled (2792) on Sunday June 26 2016, @05:53PM (#366105) Homepage

        Backup to your USB drive, unplug the USB drive, laugh at all the assholes who had something to lose. Why is this a problem?

        • (Score: 1) by Francis on Sunday June 26 2016, @07:38PM

          by Francis (5544) on Sunday June 26 2016, @07:38PM (#366163)

          USB sucks for that. I'd recommend some form of WORM like DVD or Bluray.

          I'd also recommend that the files be stored on a filesystem like ZFS with regular read only snapshots to minimize the exposure. A typical system can handle the home directory being snapshotted every couple minutes and for those snapshots to be stored for a few days.

          I have little sympathy for people who get hit by this malware as proper backup tools are readily available these days and are generally pretty affordable.
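One way to run the snapshot schedule suggested in the comment above, as an added example that is not part of the original thread. The dataset name `tank/home`, the `auto` prefix, the three-day retention and the cron path are assumptions; the script is meant to run from root's crontab, so the user account that malware would run under holds no permission to destroy snapshots.

```shell
#!/bin/sh
# Added example: rotating read-only ZFS snapshots of a home dataset.
# DATASET, PREFIX and KEEP_DAYS are assumptions, not values from the thread.
# Hypothetical root crontab entry:
#   */5 * * * * /usr/local/sbin/zfs-rotate.sh run

DATASET="${DATASET:-tank/home}"
PREFIX="auto"
KEEP_DAYS="${KEEP_DAYS:-3}"

# expired_snapshots NOW_EPOCH KEEP_DAYS
# Reads "name<TAB>creation_epoch" lines on stdin, the format printed by
# `zfs list -Hp -t snapshot -o name,creation`, and prints the names of
# snapshots carrying our prefix that are older than the retention window.
# Manually created snapshots (any other name) are never selected.
expired_snapshots() {
    now=$1
    keep_days=$2
    cutoff=$((now - keep_days * 86400))
    while IFS="$(printf '\t')" read -r name created; do
        case "$name" in
            *@"$PREFIX"-*) ;;
            *) continue ;;
        esac
        # Skip lines whose creation field is not a plain integer.
        case "$created" in
            ''|*[!0-9]*) continue ;;
        esac
        if [ "$created" -lt "$cutoff" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Take a new snapshot (ZFS snapshots are read-only by nature), then
# destroy the ones that have aged out of the retention window.
rotate() {
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    zfs snapshot "$DATASET@$PREFIX-$stamp" || return 1
    zfs list -Hp -t snapshot -o name,creation -r "$DATASET" |
        expired_snapshots "$(date +%s)" "$KEEP_DAYS" |
        while read -r snap; do
            zfs destroy "$snap"
        done
}

# Constructed sample of `zfs list -Hp` output (not from a real pool).
sample_listing() {
    printf 'tank/home@auto-20160623T120000Z\t1466683200\n'
    printf 'tank/home@auto-20160626T164300Z\t1466959380\n'
    printf 'tank/home@manual-before-upgrade\t1460000000\n'
}

# Only touch the pool when explicitly asked to.
if [ "${1:-}" = "run" ]; then
    rotate
fi
```
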

          • (Score: 0) by Anonymous Coward on Sunday June 26 2016, @11:31PM

            by Anonymous Coward on Sunday June 26 2016, @11:31PM (#366255)

            Now that these ransomware guys have some money, they can improve the process and silently sabotaging backups is probably on the todo list.

          • (Score: 3, Interesting) by Hairyfeet on Monday June 27 2016, @04:32AM

            by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Monday June 27 2016, @04:32AM (#366323) Journal

            Why is USB bad for that? You can get a couple Tb drive for less than $100, simply back up once a week or so and keep the drive unplugged in the meantime. I mean sure DVD or BD (I'd personally go with BD, the drives and media are cheap now and not only do they hold more data they are more scratch resistant) are great for long term storage but for regular backups? You really can't beat an external drive.

            And for those that have to support less technical users? Paragon Backup & Recovery Free. What makes it great is that it supports using a hidden encrypted drive called a backup capsule so if the system gets trashed? Simply boot from a Paragon backup disc or USB drive, point it at the capsule, and you are good to go.

            --
            ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
            • (Score: 1) by Francis on Monday June 27 2016, @03:20PM

              by Francis (5544) on Monday June 27 2016, @03:20PM (#366452)

              It's bad because whenever you plug them in you're exposing them to malware which under this scenario you have. And if you happen to plug the thing in after you're infected, but before you notice, then you've lost all those files as well.

              Not to mention that you can easily delete everything on the drive, so you lost not just the most current version, but the older ones as well. Not to mention the fact that thumbdrives and USB drives are never backups when kept at home, but optical drives at least provide you with protection against the most common problems and in this case people messing with files you've already created.

              I haven't seen that particular product, but it's misleading to call that a backup if it's literally being stored on the same computer that's creating it. Better to use something like Backblaze or Crashplan that does the backup online.

              • (Score: 2) by mcgrew on Monday June 27 2016, @04:51PM

                by mcgrew (701) <publish@mcgrewbooks.com> on Monday June 27 2016, @04:51PM (#366495) Homepage Journal

                > It's bad because whenever you plug them in you're exposing them to malware which under this scenario you have.

                That's why WORM media are preferable and why you shouldn't back up anything that can execute code. Also a good reason NOT to use most MS products. Oggs and MP3s can't carry viruses, but any media capable of DRM can.

                > Not to mention that you can easily delete everything on the drive

                Sure, if you're in a stupor. Not easy at all to do it accidentally if you're both sober and intelligent.

                > it's misleading to call that a backup if it's literally being stored on the same computer that's creating it.

                Indeed, drives fail, which is the primary reason for data backups.

                > Better to use something like Backblaze or Crashplan that does the backup online.

                I don't trust "the cloud". I'll hang on to my own data, it only goes online when I'm ready to share it.

                --
                mcgrewbooks.com mcgrew.info nooze.org
              • (Score: 2) by Hairyfeet on Tuesday June 28 2016, @12:35AM

                by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Tuesday June 28 2016, @12:35AM (#366710) Journal

                If you can't tell when a system has malware? Then frankly you are too dumb to be using a PC, end of story. I've had to deal with enough malware at the shop to tell ya you INSTANTLY know when a system has been infected because it ties a boat anchor to the system and you suddenly see CPU and disk usage jump with no corresponding entry in task manager showing what is using the resources.

                That said, you should always run a scan with a couple of different malware tools (I recommend one online and one off) before running a backup. Oh and FYI if the system is infected? Your DVDs will be infected as well, so they will be completely useless. Remember for backups to be of any use they have to be updated regularly so by your logic either their backups will be woefully out of date, causing them to lose the data they actually care about, or they will be infected. So either way your system isn't any better.

                --
                ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
            • (Score: 2) by mcgrew on Monday June 27 2016, @04:43PM

              by mcgrew (701) <publish@mcgrewbooks.com> on Monday June 27 2016, @04:43PM (#366489) Homepage Journal

              I don't understand the need for "backup tools." Is typing "copy *.* a" so hard to do? Or highlighting your "documents" folder, clicking "copy", clicking your a: drive (letter I assigned to the external hard drive I back both laptops up to) so hard?

              --
              mcgrewbooks.com mcgrew.info nooze.org
              • (Score: 2) by Hairyfeet on Tuesday June 28 2016, @12:29AM

                by Hairyfeet (75) <bassbeast1968NO@SPAMgmail.com> on Tuesday June 28 2016, @12:29AM (#366709) Journal

                You can't make a bootable disc image with *.*? With Paragon I can make a "factory restore" where if they fuck up their system all they have to do is boot from a USB key or CD, tell it to use the backup labeled factory restore, and 20 minutes later it's right back to the way it was when they got it from me.

                --
                ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
                • (Score: 2) by mcgrew on Thursday June 30 2016, @01:31AM

                  by mcgrew (701) <publish@mcgrewbooks.com> on Thursday June 30 2016, @01:31AM (#367812) Homepage Journal

                  Well, yes, to restore the OS and software after an attack or hardware failure. I'm talking about backing up data, which is what matters. You're talking about supporting other users, and any shop should have an IT guy that can do that. There's simply no reason for a lack of backups except ignorance and stupid laziness.

                  --
                  mcgrewbooks.com mcgrew.info nooze.org
        • (Score: 2) by LoRdTAW on Monday June 27 2016, @05:37PM

          by LoRdTAW (3755) on Monday June 27 2016, @05:37PM (#366515) Journal

          Backup to your USB drive, unplug the USB drive, laugh at all the assholes who had something to lose, plug USB back in to restore and realize USB drive went bad. Who's the asshole now?
          FTFY.

      • (Score: 2, Interesting) by Anonymous Coward on Sunday June 26 2016, @09:21PM

        by Anonymous Coward on Sunday June 26 2016, @09:21PM (#366198)

        > I can't believe how incredibly stupid some of the wealthiest are.

        I'm not. I went to a private prep school with some of the richest of them (kids of the Atari founder, the Broncos owner, AOL founder, etc).

        But the reason they were dumb didn't become clear until long after I graduated. Wealth means you are insulated from consequences. When a normal person fucks up they have to work to get unfucked. But when a wealthy person fucks up, they can just spend some money to get unfucked. So they rarely have to experience the visceral consequences of fucking up. "Affluenza" is one popular name for it. "Let them eat cake" is another well-known example.

        In a way it is not their fault, we are all the product of our own experiences. It is a rare person who realizes that their own experiences are not shared with everyone else. You see it here on soylent all the time, people insisting that they know best when they have no direct experience to draw on.

        • (Score: 0) by Anonymous Coward on Monday June 27 2016, @03:25AM

          by Anonymous Coward on Monday June 27 2016, @03:25AM (#366300)

          Most people are dumb. Being born to rich parents doesn't change that. Ignorance is different from stupidity.

  • (Score: 2) by mhajicek on Sunday June 26 2016, @05:45PM

    by mhajicek (51) on Sunday June 26 2016, @05:45PM (#366099)

    I blame this on the hospital that paid and got in the news about it.

    --
    The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
    • (Score: 4, Insightful) by Kilo110 on Sunday June 26 2016, @05:47PM

      by Kilo110 (2853) Subscriber Badge on Sunday June 26 2016, @05:47PM (#366100)

      would've happened eventually. if not them then it would've been someone else.

      the real problem is how IT and security is low priority for most companies. eventually they'll wisen up and networks will become more hardened. it'll balance itself out eventually.

    • (Score: 1, Interesting) by Anonymous Coward on Sunday June 26 2016, @06:06PM

      by Anonymous Coward on Sunday June 26 2016, @06:06PM (#366113)

      Not so widely reported (as police station and hospital) was the small NASCAR team that got hit recently and paid the ransom... Happy ending, now they are sponsored by MalwareBytes!

      A friend forwarded from the green site, but this link is directly to the team site,
      http://www.cslfr95.com/news/?cid=65176 [cslfr95.com]

      One takeaway -- while NASCAR racing cultivates the "aw shucks" image, even the smaller teams are heavily invested in simulation tools as well as normal business software.

    • (Score: 2) by JoeMerchant on Sunday June 26 2016, @10:18PM

      by JoeMerchant (3937) on Sunday June 26 2016, @10:18PM (#366219)

      I'm glad it hit the news, instead of being "handled quietly." Now we can have the unacceptable rash of attacks and develop an acceptable way of coping with the problem (offsite backups, anyone?)

      Keeping it quiet would only allow the problem to grow like a mushroom, out of sight below ground.

      --
      🌻🌻 [google.com]
  • (Score: 0) by Anonymous Coward on Sunday June 26 2016, @06:27PM

    by Anonymous Coward on Sunday June 26 2016, @06:27PM (#366124)

    Still allowing JavaScript? But hey don't worry, you can always pay these criminals off. That's exactly what we're seeing happening here.

  • (Score: 2) by GungnirSniper on Sunday June 26 2016, @06:29PM

    by GungnirSniper (1671) on Sunday June 26 2016, @06:29PM (#366125) Journal

    How much longer before we see either a stripped down version of the Internet at work with ads dropped and non-US addresses blocked for most users, or the stupidity of things like WebSense returning? In both cases the suits will have free access, and get infected anyway, while the rest of us can't access StackExchange and such?

    • (Score: 0) by Anonymous Coward on Sunday June 26 2016, @09:32PM

      by Anonymous Coward on Sunday June 26 2016, @09:32PM (#366202)

      It seems to me that corporate IT could really step up security by putting apps in per-user VMs and running them, or at least hosting the images, on central servers. Put the browser in one, email in another, etc. Tightly control the network and disk access of each VM, customized to the specific task. Make the transfer of data from one vm to another a manual process - streamlined as possible, like drag-and-drop easy, but not automated.

      You'd never get 100% coverage, but I'd bet you could get 99% for a typical corporate environment with only a minimal increase of hassle for the end users. Reduce the attack surface and you reduce your risk.

      • (Score: 0) by Anonymous Coward on Monday June 27 2016, @02:01AM

        by Anonymous Coward on Monday June 27 2016, @02:01AM (#366285)

        The problem with this approach is simple: when your strict security policies start interfering with people's actual jobs, you start having a different set of problems. It doesn't have to be serious hindrance, just a minor annoyance (real or perceived). Then your staff start trying to figure out how to bypass the security measures, rather than doing their actual jobs. Or they quit. Both of these situations are expensive.

        It is often much cheaper to simply ignore security problems and deal with any consequences after they occur.

        • (Score: 0) by Anonymous Coward on Monday June 27 2016, @04:33AM

          by Anonymous Coward on Monday June 27 2016, @04:33AM (#366324)

          Good security is about making the easiest way to get your job done also the most secure way.
          The problem with that is it takes good security experts to figure that out and to stay on top of it as requirements change.
          Application isolation can be a powerful tool, but you are right -- on its own and poorly implemented it will make things worse.

      • (Score: 1) by kurenai.tsubasa on Monday June 27 2016, @11:21AM

        by kurenai.tsubasa (5227) on Monday June 27 2016, @11:21AM (#366393) Journal

        > Tightly control the network and disk access of each VM, customized to the specific task. Make the transfer of data from one vm to another a manual process - streamlined as possible, like drag-and-drop easy, but not automated.

        That'll work great until there are 5 versions of some important document floating around and nobody knows which one is correct.

        Also, I need muh Q drive! Muh Q drive! Can't work without muh Q drive!

    • (Score: 3, Informative) by anubi on Monday June 27 2016, @05:43AM

      by anubi (2828) on Monday June 27 2016, @05:43AM (#366336) Journal

      I feel we are going to continue to have malware spreading via scripting until the following conversations start taking place in corporate boardrooms:

      CEO: The latest reports coming in show we have lost 3 more percentage points in market share this quarter. We took aggressive steps with Google to insure top placement in searches, but few people seem to be buying anything. What's going on here? Are we overpriced?

      IT Manager: We see an uptick of about 12 percent this quarter resulting from AdSense, but most of them click in then right back out. The logs say they don't even stay around long enough to even load the first page.

      CEO: Puzzling... I have looked at our web presence over and over from my office. Looks absolutely great. This is really an enigma. Sales should be taking off like a banshee but we are being shunned like we had bad breath. I'll hire a web reputation agency to scour the net to see if people are posting bad press on us. I've looked myself, but I sure haven't seen any.

      CEO, puzzled about lack of sales, talks about it while visiting his daughter. His son-in-law tries to pull up the corporate page on his machine. No Script. No page load. Why are you running this NoScript thingie? Son-in-law shows CEO computer fixit bill from last round of viruses. CEO completely unaware that this even existed.

      CEO calls IT Manager to his office next day: Our website works fine here, but not on my son-in-law's machine? Why?

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 0) by Anonymous Coward on Monday June 27 2016, @06:15PM

      by Anonymous Coward on Monday June 27 2016, @06:15PM (#366529)

      The hijackers could use hijacked (zombie) PCs that are in the US such that filtering IPs would not eliminate the problem, and maybe not significantly reduce it either since it seems fairly easy for them to get a zombie'd device inside the US.

  • (Score: 3, Interesting) by number6 on Sunday June 26 2016, @07:57PM

    by number6 (1831) on Sunday June 26 2016, @07:57PM (#366168) Journal

    If they are running Windows operating systems and want to avoid such predicaments....
    I recommend they buy and install two pieces of software into their systems: Deep Freeze [faronics.com], and Sandboxie [sandboxie.com]

    Deep Freeze is used to snapshot the system state and rolls the system back to the snapshot upon shutdown or reboot. The Enterprise version has many configuration options.
    Sandboxie can be used to sandbox all internet-facing applications. Sandboxie also has many configuration options.

    I strongly recommend companies concerned about avoiding this "Crypto Ransomware" phenomenon to consider incorporating those two pieces of software into their computing infrastructure.

    • (Score: 2) by quixote on Sunday June 26 2016, @10:02PM

      by quixote (4355) on Sunday June 26 2016, @10:02PM (#366212)

      That was part of my question -- I even read TFA! -- is ransomware targeted at some OSes? All OSes? Flash? Javascript? All of the above?

      I take the points about having backups, snapshots, and sandboxing. But I'm still curious where the greatest vulnerabilities lie.

      • (Score: 1, Informative) by Anonymous Coward on Monday June 27 2016, @12:45PM

        by Anonymous Coward on Monday June 27 2016, @12:45PM (#366405)

        From first hand experience, most of them come through as email attachments or drive-by-downloads. I only represent a few thousand users but my data's probably decent...

        The email attachments typically target users of Microsoft Office on Windows, but have rarely been for other applications, like Adobe Reader. It's almost always Windows though; cryptoware-wise, haven't seen an Apple one yet, but they're a tiny part of my data sample, and are often more technically knowledgeable (in my sample set anyway). The biggest problem for me is users' personal mails. My spam detection setups include several layers of virus/spam detection so most company mail is fine. As much as possible, I try to get personal mails blocked from being accessed, but many users are still allowed to access them. All of the freemail sites, even Google, fail to block all of these. Yahoo is possibly the worst, followed by AOL.

        Drive-by-downloads are a far less common issue, they are mostly less of an issue if security updates are being applied periodically. In practice few of the ones we get hit with are actual zero-day exploits, despite the press focus. Most of them are 30+ days old, from what I can tell; though note, I don't always learn exactly how the infection happened by this route. Many of these take pains to cover their tracks. I can often point out the site that did it (usually an advertisement), but can't often retrieve a sample of the actual payload.

        • (Score: 0) by Anonymous Coward on Monday June 27 2016, @04:16PM

          by Anonymous Coward on Monday June 27 2016, @04:16PM (#366479)

          Thanks! That was useful :-)

      • (Score: 0) by Anonymous Coward on Monday June 27 2016, @06:34PM

        by Anonymous Coward on Monday June 27 2016, @06:34PM (#366533)

        In my experience it's clients running windows, clicking on email attachments in webmail which then encrypts ms office files. Assuming no actual (not perceived due to ignorance) vendor lock in, there's really no excuse for any of those three vectors to exist in the first place. Superior OSes are available for free. You can use a FOSS email client like thunderbird which won't load remote content by default. If you still open attachments from phishy emails then I don't suppose anyone can stop you. You can use libreoffice instead of MS office but I don't know if current ransomware will encrypt those files or not.

        If you act like a slave, they will treat you like a slave.

  • (Score: 0) by Anonymous Coward on Monday June 27 2016, @12:44AM

    by Anonymous Coward on Monday June 27 2016, @12:44AM (#366266)

    Brute force hacking into the network? Or someone watching porn?

    • (Score: 1, Interesting) by Anonymous Coward on Monday June 27 2016, @03:03AM

      by Anonymous Coward on Monday June 27 2016, @03:03AM (#366295)

      Isn't the largest malware infection vector in general ad networks? I'd assume it's similar for ransomware, and some anecdotal evidence [arstechnica.com] seems to agree.

      The sad thing is, it's safer to torrent and run cracked executables than browse the mainstream web (say, Forbes [extremetech.com], or NY Times, BBC, MSN, etc. mentioned in the ArsTechnica link above) with no adblocker and JS/Flash turned on. At least torrent sites have a reputation system and a "report" button.

    • (Score: 1, Insightful) by Anonymous Coward on Monday June 27 2016, @03:28AM

      by Anonymous Coward on Monday June 27 2016, @03:28AM (#366303)

      > Or someone watching porn?

      xhamster is more respectable than the ads placement agencies.

    • (Score: 1) by tisI on Monday June 27 2016, @05:23PM

      by tisI (5866) on Monday June 27 2016, @05:23PM (#366508)

      This seems to be a M$ windoz platform problem.
      So the attack vector may be any of the usual methods the bazillion of windoz virii uses.

      All windoz users know full well M$ crapware is as secure as a screen door on a submarine.
      I don't use M$ shitware, & don't feel any sympathy for the victims.

      M$ lockin is a form of self-sodomization.
      M$ is what M$ does.
      SSDD

      Next ..

      --
      "Suppose you were an idiot...and suppose you were a member of Congress...but I repeat myself."