One catchphrase you’ll hear these days is that “X is the new ransomware”.

That’s because the ransomware scene is no longer clearly dominated by long-running, well-known “brand names” (so to speak) such as CryptoLocker, TeslaCrypt or Locky.

In other words, many people are convinced that ransomware has had its day, is dying out, and new threats are taking over.

A popular value for the variable X in the equation above is cryptojacking, where crooks sneakily insinuate cryptocurrency mining software onto your computer or into your browser.

Rather than snatching away your files, like ransomware does, cryptojackers steal your processing power and your electricity instead.

This means that the crooks earn a tiny bit of money from every victim for as long as they’re infected, rather than taking the all-or-nothing approach of ransomware, where victims face a stark choice: pay and win, or refuse and lose.

The thing is, neither cryptojacking, nor indeed any other cyberthreat, is the “new ransomware”.

If you must know, RANSOMWARE is the new ransomware.

As often happens in the world of cybercrime, old threats stay with us for ages, and new threats simply add themselves to the mix rather than taking over. (Do you seriously think that we’ll ever see the end of spam, for example?)

This year, we’ve seen a carefully orchestrated ransomware campaign known as SamSam, where the crooks have settled on a new mode of operation.

Instead of blasting out one copy of the malware to thousands of potential victims over a day or two, the crooks blast thousands of copies of the malware onto computers inside a single organisation, pretty much all at once…

…and then, almost casually, offer a “volume discount” to fix the entire organisation in one fell swoop.

SophosLabs just published an intriguing technical paper about the SamSam menace, and in the sample in the paper, the malware includes a BAT file that lets the crooks set their price point for each attack:

    @echo off
    SET runner=mswinupdate.exe
    SET password=%1
    SET path=xxxxxxxxxx
    SET totalprice=5
    SET priceperhost=0.8

The prices above are denominated in BTC (Bitcoin), and they seem to be adjusted each time so that the all-you-can-eat discount price works out at about $45,000.

At BTC0.80 per PC, but “just” BTC5.00 to decrypt your whole company, it’s almost as though the criminals are doing you a favour!

We don’t know why the price is $45,000. For all we know, that number was picked because it’s below certain reporting thresholds, or because the crooks want to pick the highest value they dare without getting into corporate board-level approval territory. All we can say is that $45,000 is a lot of money.

Learn more about this new trend in ransomware by reading the paper now. (No registration required.)





