Ransomware is evolving, and business owners and security experts are not going to like it. SophosLabs is saying that hackers are moving away from automated, bot-sent ransomware to targeted ransomware handled by a human.
So instead of a ‘spray and pray’ approach, in which bots send out hundreds or thousands of emails to various addresses, hoping someone gets hooked, this approach targets a specific victim. The hacker will stake the victim out, think laterally, troubleshoot to overcome roadblocks and even wipe out back-ups so that the ransom has to be paid.
So far, SamSam, BitPaymer and Dharma are successful examples of such practices, and Sophos experts believe others will follow in their footsteps next year.
“The threat landscape is undoubtedly evolving; less skilled cyber criminals are being forced out of business, the fittest among them step up their game to survive and we’ll eventually be left with fewer, but smarter and stronger, adversaries,” says Joe Levy, CTO at Sophos.
“These new cybercriminals are effectively a cross-breed of the once esoteric, targeted attacker, and the pedestrian purveyor of off-the-shelf malware, using manual hacking techniques, not for espionage or sabotage, but to maintain their dishonourable income streams.”
Ransomware aside, the report also says that criminals are using Windows system admin tools that are already at their disposal. They are using tools such as PowerShell and Windows Scripting executables to deploy malware.
Sophos uncovered a practice which it dubs ‘digital dominos’, where hackers chain together a sequence of different script types that execute an attack at the end of the event series, so that everything plays out before IT can detect a threat.