Weekly Comments

30 October - 5 November 2018

Some observers may argue that ransomware is no longer the most prevalent malware this year after being overtaken by crypto miners, but ransomware is no less sophisticated or damaging than before. As mentioned in the article on SamSam ransomware, the attackers behind the ransomware remain highly active and continue to wreak havoc on the healthcare sector. They perform highly targeted attacks and adopt ‘living off the land’ tactics to maintain a low profile on targeted networks and evade detection. Hancock Health, one of SamSam’s victims, decided to pay a ransom of US$55,000 to restore systems, while other victims scrambled to recover operations.

In addition, cybercriminals continue to peddle a decent variety of ransomware on the dark web at competitive prices, making it easier for threat actors to get hold of some of the most destructive ransomware variants. This week, for instance, Sixgill researchers found that a bundle of 23 ransomware variants is being offered on the dark web at US$750. The bundle includes some of the most destructive ransomware such as SamSam, Magniber, Satan, and XiaoBa. It also contains tutorials and manuals on carrying out the attacks, as well as additional information about vulnerabilities that could be exploited to increase the chances of an attack succeeding. Any threat actor who gets hold of this bundle could upgrade their existing attack toolkit and maximise potential gains from their attacks.

References:
[1] SamSam: Targeted Ransomware Attacks Continue
[2] Giant ransomware bundle threatens to make malware attacks easier for crooks
 
