Although the global financial industry has made strides in protecting its data from malware, including Trojans, cyberthreats such as network intrusion, ransomware and criminal gang cooperation are presenting fresh challenges, according to the Carnegie Endowment for International Peace.
Over the past five years, ransomware-as-a-service offerings have largely evolved from putting automated toolkits into the hands of subscribers to recruiting affiliates and sharing profits. To maximize revenue, some larger operators are also seeking affiliates with more advanced IT and hacking skills.
Darkside is the latest ransomware operation to announce an affiliate program in which a ransomware operator maintains crypto-locking malware and a ransom payment infrastructure while crowdsourced and vetted affiliates find and infect targets. When a victim pays, the operator and affiliate share the loot.
Victims of crypto-locking malware who pay a ransom to their attackers are paying, on average, more than ever before. But investigators warn that when victims pay for a guarantee that all data stolen during an attack will get deleted, criminals often fail to honor their promises.
The number of attacks related to Emotet continues to spike after the dangerous botnet re-emerged over the summer with a fresh phishing and spam campaign, according to research from HP-Bromium. During this time, Emotet is mainly infecting devices with the QBot or QakBot banking Trojan.
The Maze cybercrime gang, which revolutionized the ransomware business by adding an extortion element to each attack, has issued a statement saying it has hung up its spikes and will retire, at least temporarily. Security executives do confirm Maze's activity has dropped off in recent months.
Ransomware attacks remain the top cyber-enabled threat seen by law enforcement. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large, Europol warns in its latest Internet Organized Crime Threat Assessment.
Security researchers at Appgate are warning about a recently uncovered ransomware variant called Egregor that appears to have infected about a dozen organizations worldwide over the past several months. The gang behind this crypto-locking malware is threatening to release data if victims don't pay.
After a six-month hiatus, the Zeppelin ransomware variant returned in late August, according to Juniper Threats Labs. The malware now uses an updated Trojan downloader to better hide its activities from security tools.
Tesla CEO Elon Musk says a "serious attack" aimed at stealing corporate data and holding his company to ransom has been thwarted. The FBI has accused a Russian national of attempting to recruit an insider to install malware to steal data, which criminals hoped to ransom for $4 million.
Ransomware gangs continue to see bigger payoffs from their ransom-paying victims, driven by "big-game hunting," data exfiltration and smaller players seeking larger returns, according to ransomware incident response firm Coveware.
A 31-year-old man who allegedly distributed versions of the GandCrab ransomware to target users has been arrested in Belarus for possession and distribution of malware, according to the country's Ministry of Internal Affairs.
Researchers with FortiGuard Labs have uncovered two samples of the Ekans ransomware strain that offer some additional insight into how the crypto-locking malware targets industrial control systems, according to a new report. Ekans, also known as Snake, was first spotted earlier this year.