Latest Ransomware Attacks Leave Organisation Working On Typewriters

Thu, 09/08/2018 - 08:41
Ransomware , Data Protection

Ransomware is a threat to all organisations and has been prevalent for a number of years. Although recent reports suggest that organisations are no longer as scared of it as they once were, it is still something that genuinely threatens to cause downtime and cause havoc on a daily basis especially given the ease at which an infection can occur.

2017 saw attacks on a mass scale affecting thousands of organisations at once, 2018 has had its own share of attacks but on a smaller scale. The latest attacks have, in their own way, caused huge amounts of damage even if temporary or less headline-grabbing.

Town ditches digital to cope with Ransomware attack

In late July, a government department in Alaska was infected with a malware strain, which according to reports may have been sitting dormant for several months. The infection was able to take over more than 500 machines and bring the organisations to its knees for a time. Systems infected included the organisations email server, internal systems, and disaster recovery server, damaging backup data.

The short-term solution for the organisation was to revert to manual systems, dusting off typewriters and resorting to writing receipts by hand. While backup data stored on the server had been damaged some data was recoverable. IT Director for the organisation, Eric Wyatt stated:

                “There is optimism for the recovery of more data”

Ransomware is an ongoing threat and one that has proven profitable for cyber-criminal’s savvy enough to pull it off. One particular strain SamSam has reportedly extorted almost $6 million since January 2016.


SamSam turns a profit for cyber-crooks

There are some well-known strains of malware and ransomware such as WannaCry and Petya, but a lesser-known strain named SamSam has been actively targeting organisations for several years, making a tidy profit for the cyber-criminals behind it. Security firm Sophos has recently revealed research to show that the strain has successfully extorted some $5.9 million from organisations since 2016. Of the victims who paid up around 74% of organisations were US-based, with other victims coming from the UK, Canada, and Belgium; these organisations reportedly include schools and hospitals.

Sophos commenting on the strain:

“Unlike most other ransomware, SamSam encrypts not only document files, images and other personal or work data, but also configuration and data files required to run applications”

Another difference with the SamSam strain is that it is a manually triggered attack, rather than being triggered by a phishing scam (email) or compromised download.

“The entire attack process is manual. No badly worded spam email with an attachment is the culprit. The attacker breaks-in in the old-fashioned way: using tools that attempt as many logins as quickly as the Remote Desktop Protocol will permit, and exploits operating system vulnerabilities, though not as many as you'd think. SamSam usually succeeds when the victim chooses a weak, easily guessed password”


Organisations fighting back against Ransomware

Ransomware and malware are a well-known threat to organisations and a threat that is increasingly being prepared for and protected against. Recently a Taiwanese company that manufactures chips for Apple iPhone’s was able to recover from an attack following a mistake upon implementation of a new tool which allowed an infection in. Organisations are increasingly able to recover against the effects of ransomware and due to increase knowledge and staff training, infections are less likely to occur. Following best practice, many organisations are preparing for attacks by ensuring that all systems are recoverable and that an off-site backup is in place.  

Recent Articles

Redstor_Ransomware_Typewriters_blog Ransomware

Latest Ransomware Attacks Leave Organisation Working On Typewriters

Ransomware is a threat to all organisations and has been prevalent for a number of years. Although recent reports suggest that organisations are no... read more

August 09, 2018
Redstor_Reddit_blog Ransomware

Two-factor Becomes Hack-factor In Reddit Attack

The last few years have seen a number of high profile hacks, each growing in complexity and affecting masses of people. Strains of ransomware have... read more

August 07, 2018
Redstor_Dixons_super-breach_blog Disaster Recovery

Dixons Breach Becomes Super-breach Following Review

Earlier this year high street electronics firm Dixons Carphone revealed that a data breach had occurred the previous year, effecting over 1 million... read more

August 02, 2018