New Ransomware Becomes the Hello World of Malware in 2016
Just when it seemed that ransomware had fizzled as a trend, with threat actors turning instead to banking Trojans like Dridex, it has re-emerged as a significant threat to individuals and organizations. The $17,000 payout by Hollywood Presbyterian Medical Center this week is the latest example of what Forbes characterized as a "ransomware crisis". While $17,000 lacks the sensational value of the $3.6 million ransom that was originally reported, the larger cost came from the days of downtime the hospital experienced as a result of the infection.
Last week, Proofpoint researchers wrote about 7ev3n and a Valentine's Day campaign to distribute this particularly destructive piece of ransomware with high ransoms and the threat of publicly posting the files it encrypts. Earlier this week, we also published a first look at Locky, a new ransomware being distributed in high-volume campaigns by the actors behind many of the largest Dridex campaigns.
Ransomware is evolving rapidly from the CryptoWall and CryptoLocker campaigns that made headlines in the last two years. While the technology behind the malware hasn't necessarily changed a great deal (and, in fact, we are seeing some fairly simple variants in the wild with evidence of "amateur mistakes"), the diversity of ransomware, the threat actors involved, and the vectors in use are shifting rapidly.
To that end, Proofpoint researchers have assembled a roundup of important ransomware variants in a new paper. The paper provides additional analysis of, or first looks at, several examples of innovation in ransomware and in its distribution and C2 mechanisms.
We will continue to track changes in the ransomware landscape.
Check out the research paper for recommendations, technical details, and new developments in the "ransomware renaissance".