Ransomware has risen by over 250 percent during the first few months of 2017, according to a report Monday by the security firm Kaspersky. The publication of the cybersecurity statistics, which revealed that the U.S. is the country worst affected by the issue, comes as experts warn of a ransomware epidemic in the wake of the WannaCry cyberattack.
Here is an overview of Ransomware Top Stories of June 2017:
June 2, 2017
According to statistics obtained via Shodan, a search engine for online-accessible devices, about 4,500 Hadoop Distributed File System clusters worldwide are susceptible to ransomware attacks due to lack or absence of authentication. The volume of data stored in these databases amounts to some 5 Petabytes. Cybercrooks had already demonstrated back in January 2017 how easily they can compromise Hadoop servers, so the current state of things is a time bomb.
June 5, 2017
Michael Gillespie, member of MalwareHunterTeam (MHT) and author of the ID Ransomware site, updates his Jigsaw Decrypter. The latest version of this utility is capable of decrypting files with the .ram, .tax, and .lost extensions ransomed by the ever-evolving Jigsaw infection.
June 9, 2017
Whereas affiliate models of distributing Windows ransomware have been around for quite some time, this trend hasn’t been the case for macOS environment until now. The Ransomware-as-a-Service (RaaS) platform called MacRansom looks potent enough to become a game changer in this context.
June 13, 2017
South Korean web hosting provider Nayana falls victim to the Erebus ransomware. This Trojan infected numerous Linux servers belonging to said host. What makes the incident stand out from the crowd is that Erebus used to only compromise Windows based systems and suddenly became a multi-platform threat.
June 14, 2017
A breakthrough in decrypting the Jaff ransomware hits the headlines. Having spotted a flaw in the infection’s crypto, Kaspersky updates their RakhniDecryptor utility to support Jaff editions that stain locked files with the following extensions: .jaff, .sVn, and .wlu. Victims of this probable Locky successor can now get their data back for free.
June 15, 2017
A file-encrypting ransomware sample infects the computer network of University College London. The most likely entry point was a malspam email with contagious attachment inside. The harmful code quickly proliferated throughout UCL’s shared drives and student management system. Antivirus tools reportedly failed to intercept the perpetrating code due to its zero-day nature.
June 19, 2017
Ransomware called SamSam, or Samas, resurfaces after months of inactivity. The comeback turns out a blast as three new variants of this hoax begin making the rounds. These editions append victims’ data items with the .breeding123, .suppose666, or .mention9823 extension.
June 20, 2017
The Nayana web host attack incident mentioned above didn’t end well. As a result of negotiations with the threat actors, the ransomed company agrees to pay $1 million for decrypting data on its 153 Linux servers. Perhaps the upshot of this whole compromise wouldn’t have been so awful if it weren’t for the fact that about 3,400 customer websites got affected along the way.
June 21, 2017
The WannaCry ransomware, which gained notoriety for its worldwide reach and sophisticated distribution tactics, continues wreaking havoc a month after the original outbreak. Its new high-profile target is the Honda car plant in Japan. The attack forces the vehicle manufacturer to halt production until the issue is addressed.
June 22, 2017
A new massive wave of malicious spam starts delivering the payload of Locky ransomware’s brand new edition. Fortunately, the cryptographic routine of this sample is shoddy. It fails to perform encryption on Windows 7 and later operating system builds equipped with the Data Execution Prevention (DEP) feature. Therefore the pest only functions on Windows XP and Vista.
June 23, 2017
The FBI’s Internet Crime Complaint Center (IC3) provides some interesting ransomware statistics in the most recent edition of the Internet Crime Report. According to the analysts’ findings, most ransomware victims do not report the attacks to law enforcement agencies, so the official numbers aren’t even close to reflecting the real scope of the epidemic.
June 27, 2017
A revamped version of the destructive Petya ransomware is discovered. Referred to as NotPetya or PetrWrap, this strain mainly zeroes in on Ukraine, a country in East Europe that’s in a state of military conflict with Russia. Experts believe this geo-targeting of the NotPetya campaign is an indication of its Russian origin. The prevalent distribution channel involves a malicious update for M.E.Doc, accounting software widely used in Ukraine.
June 29, 2017
Cerber ransomware is renamed to CRBR Encryptor. The updated infection features diversified propagation. It is spreading via the Magnitude exploit kit as well as trojanized JavaScript email attachments. The offending program drops a combo of HTA and TXT ransom notes and turns filenames into gibberish strings appended with a four-character extension.
To prevent ransomware attacks, organizations are required to have their harddrive backed up time to time. It will make ransom attack useless, and showcase your readiness towards cyber incindents.