Kaspersky has reported a spike in ransomware attacks targeted at larger businesses.
The increase in such attacks is down to their simplicity and high returns, said Kaspersky senior malware analyst Anton Ivanov.
In particular, attackers can use open source software to make their own encryptors "without making any special effort", he said in a blog post.
"A vivid example is the Mamba encryptor based on DiskCryptor, an open source software," he explained. "Some cybercriminal groups do not even take the trouble of involving programmers; instead, they use this legal utility 'out of the box'."
Ivanov said attackers have a three-step process: find an organisation with an unprotected server with RDP access; guess or buy the password; encrypt a node or server.
"The cost to organise such an attack is minimal, while the profit could reach thousands of dollars," he said.
Of course, not all attacks are so basic, he added, saying "true professionals are also active on the playing field", taking the time to carefully select targets and plan attacks that will last for weeks.
Regardless of the skill of the attackers, companies have to take a few key steps to protect their networks. That includes constantly backing up all servers, audit all nodes and servers to update outdated software, and protect all types of remote access.
The security firm noted the increase as it revealed more organisations have joined its No More Ransom project, designed to offer help to ransomware victims via free unlock tools, so people don't need to pay out to get their data back hopefully discouraging attacks in the future.
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalitiesNews The attack on IT systems supplier Miljödata has impacted public sector services across the country
-
A notorious hacker group is ramping up cloud-based ransomware attacksNews The Storm-0501 threat group is refining its tactics, according to Microsoft, shifting away from traditional endpoint-based attacks and toward cloud-based ransomware.
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b modelNews Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Data I/O shuts down systems in wake of ransomware attack
News Regulatory filings by Data I/O suggest the costs of dealing with the attack could be significant
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
