Now ransomware is taking aim at business networks

One in ten instances of this cybercriminal activity involving the likes of CTB-Locker, Locky and other ransomware now targets a business
Written by Danny Palmer, Senior Writer

The ransomware known as CTB-Locker is one of those targeting corporate networks

Image: Trend Micro

Crypto-ransomware is becoming an increasing problem for businesses as cybercriminals are turning their attention to using these attacks to target corporate networks.

Cybercriminals are aware that this method of attack is working and are increasingly deploying it: according to a new Kaspersky Labs report on ransomware, the number of corporate users attacked with crypto-ransomware has increased by over six times with 718,000 victims in the last year compared to 131,000 during the previous 12 months.

Previously, ransomware attacks had largely ignored corporate networks, with hackers instead choosing to target home users. While home users still make up the vast majority of crypto-ransomware victims, corporate users now account for over one in ten infected.

Almost exactly half of crypto-ransomware attacks carried out between 2015 and 2016 used Teslacrypt ransomware - although the trojan is no more after it's masterkey was released to the public in May. Nonetheless, prior to that point it had infected users, encrypted their files and demanded a ransom in Bitcoin in order to release.

CTB-Locker has also proved to be a significant threat and the ransomware uses the same tactic; with cybercrminals encrypting the victim's files then demanding a ransom, which if not paid within 96 hours will see all the target's files permanently deleted. Other types of cryptographic ransomware known to be causing problems include Scatter, Craki, CryptoWall, Shade, Mor, Aura and Locky.

While an individual home user having their files locked by ransomware is bad, a corporate network being encryted by cybercriminals can be catastrophic.

"Crypto-malware is becoming more and more serious threat, not only an organization losses money for ransoms but business can be paralyzed during files recovery", said Konstantin Voronkov, head of endpoint product management Kaspersky Lab.

According to the report, hackers using cryptographic ransomware are mainly targeting small and medium sized businesses. The size of these organisations means that even just being locked out of their files for a few hours could be massively damaging - thus potentially making them more likely to quickly pay a ransom demand in order to get back online.

Nonetheless, Kaspersky have warned victims that they shouldn't submit to to ransom demands, no matter the cost as it just encourages hackers. "Every bitcoin transferred to the hands of criminals builds their confidence in the profitability of this kind of cybercrime, which in its turn leads to the creation of new ransomware," says the report.

There are a number of precautions an organanise can take to ensure that even if their network is infected by ransomware: for example, companies should regularly backup files - both onto their own additional servers and the cloud - in order to protect the information.

Cybersecurity researchers recently noticed that infections by some of the worst types of malware had dropped - but the decline was short-lived as it returned a week later.


Editorial standards