Friday, February 19, 2016

Major uptick in ransomware attacks on large organizations; Why does Microsoft even let this happen?

Microsoft has provided a detailed writeup on Ransomware in its Malware Protection Center.

There is a lot of attention to Crowti, the most prevalent infection in 2015.  Data cannot be recovered without paying “ransom” in bitcoins.

The second-most prevalent is FakeBsod, which seems to be “scareware” because it can be avoided by using the Task Manager.

Microsoft says that its MSRT (Malicious Software Removal Tool), which typically takes a long time to install, will disable these items.

But what seems a mystery is why Windows would still be vulnerable to this kind of attack from an executable in the first place.

They are most often encountered in phishing attacks, or sometimes with redirects on malicious websites (sometimes by keying in misspelled names of popular sites, especially “bews” for “news”, which often results in scareware attacks). Some are “browser hijacks” that don’t load executables. To avoid this problem, it's safer to enter news site names into search engines first to check spelling.

CBS News is reporting a dangerous escalation in ransomware attacks, as in this story, which reports on a major infection of the data center of a California hospital.  In some cases, companies, hospitals and even local government agencies have "paid up".

Here's a video on how Cryptolocker "works".
