Go to Top

Two-thirds of CryptoWall ransomware attacks targeting SMBs

Small and medium-sized businesses (SMBs) are increasingly coming under attack from cyber criminals who use ransomware software to encrypt key files, before demanding money in order for firms to regain access.

This is the finding of research by Trend Micro, which noted that companies in this sector make good targets for criminals, as they are less likely to have the sophisticated defences of their larger counterparts. What’s more, if the encrypted information is critical to their operations, they may feel they have little choice but to pay up.

The study observed this trend is particularly evident in attacks that use TorrentLocker and CryptoWall ransomware, which are two of the most common variants currently in use.

For instance, it found that in June and July this year, more than two-thirds of users (67.23 per cent) who clicked on malicious links in CryptoWall-related emails were in the SMB sector. This compares with 16.95 per cent who were enterprise users, and 12.57 per cent consumers.

While Torrentlocker-based attacks were more consumer-oriented, more than four out of ten malicious links were still targeted at SMBs.

Many of the techniques used by ransomware criminals are highly compatible with smaller businesses, with criminals frequently using emails that purport to be CVs or purchase orders to entice users to open attachments.

Trend Micro’s analysis found that both CryptoWall and TorrentLocker users typically send out their spam runs in the early hours of the morning in the time zone of its intended victims, which suggests they are targeting business users who will receive the mails when they get to the office.

“We see that the intended victims are clicking on these links in the period between 9am to 1 pm, with the outbreaks starting at 9am to coincide with the typical times that people arrive at work,” the security firm stated.

Ransomware can be a very difficult crime to deal with, as once files are compromised it can be extremely hard to regain access without giving in to the hackers’ demands. However, some malware – such as the infamous CryptoLocker – have had their decryption keys revealed, meaning that data recovery is possible.

It is wise to choose a data recovery company who has a track record in recovering from the type of data loss you have experienced.

From:: http://www.krollontrack.co.uk/company/press-room/data-recovery-news/two-thirds-of-cryptowall-ransomware-attacks-targeting-smbs394.aspx

Leave a Reply