Contact Contact Us

WEEKLY COMMENTS

Some observers may argue that ransomware is no longer the most prevalent malware this year after being overtaken by crypto miners, but ransomware is not any less sophisticated and damaging than before. As mentioned in the article on SamSam ransomware, attackers behind the ransomware remain highly active and continue to wreak havoc on the healthcare sector. They perform highly targeted attacks and adopt ‘living off the land’ tactics to maintain a low profile on targeted networks and evade detection. Hancock Health, one of SamSam’s victims, decided to pay a ransom of US$55,000 to restore systems, while other victims had scrambled to recover operations.

In addition, cybercriminals continue to peddle a decent variety of ransomware in the dark web at competitive prices, making it easier for threat actors to get hold of some of the most destructive ransomware variants. This week, for instance, Sixgill researchers found that a bundle of 23 ransomware is being offered on the dark web at US$750. The bundle includes some of the most destructive ransomware such as SamSam, Magniber, Satan, and XiaoBa. It also contains tutorials and manuals on carrying out the attacks, as well as additional information about vulnerabilities that could be exploited to increase their chances of succeeding in their attacks. Any threat actor who gets hold of this bundle could upgrade their existing attack toolkit and maximise potential gains from their attacks.

References:
[1] SamSam: Targeted Ransomware Attacks Continue
[2] Giant ransomware bundle threatens to make malware attacks easier for crooks

Ensign InfoSecurity Singapore
6 Commonwealth Lane
Singapore 149547

Tel: +65 6788 2882
Fax: +65 6788 3883