According to research by SophosLabs, cybercriminals are targeting their ransomware attacks ever more effectively, varying them by region so that even well-informed users are likely to fall for the scam.
Emails delivering ransomware, for example, are often written in the local language, with good spelling and grammar, and use local brands and logos to make them more believable.
“Most ransomware arrives in booby-trapped files attached to emails. These days, many organisations use their email filters to discard program files sent in by email, because they are very frequently dangerous, and there is almost no business case for allowing them,” said Harish Chib, vice-president for Middle East and Africa at SophosLabs.
Moreover, he said that ransomware attacks always avoid sending in programs (executable files) directly, instead claiming to be documents containing invoices, requests for quotations and other types of correspondence that are bread and butter for the average organisation.
After all, documents are supposed to be opened and looked at — how else to decide what attention they need?
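The point above is that a filter which discards attachments by their declared name (anything ending in .exe) is bypassed by an executable that merely claims to be a document. The following is an added example, not SophosLabs code or any product described on the page: it screens an attachment from its leading bytes and, for archives and OOXML files, from its members, so that a renamed executable, a script hidden in a "quotation" archive, and a macro-enabled Office file are all caught whatever the file name says. The verdict names, size cap and sample attachments are assumptions constructed for the example.

```python
"""Attachment screening by content rather than by declared file name.

Added example, not SophosLabs code. The verdicts ('block', 'quarantine',
'allow'), the member size cap and the sample attachments are assumptions
made for illustration; the magic numbers and the vbaProject.bin location
are real format details.
"""
import io
import zipfile

# Leading bytes of the formats we care about (well-known magic numbers).
MAGIC_PE = b"MZ"
MAGIC_ELF = b"\x7fELF"
MAGIC_OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls (OLE2)
MAGIC_ZIP = b"PK\x03\x04"                          # OOXML (.docx) and .zip
MAGIC_PDF = b"%PDF-"

# Extensions a mail filter would normally discard outright.
PROGRAM_EXTENSIONS = {
    "exe", "dll", "com", "scr", "pif", "bat", "cmd",
    "js", "jse", "vbs", "vbe", "wsf", "hta", "ps1",
}
# Extensions the lure pretends to be.
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt"}
# Assumed cap so an archive bomb cannot exhaust the scanner.
MAX_MEMBER_BYTES = 50 * 1024 * 1024


def extension(name):
    """Last extension of the file name, lower-cased ('' if none)."""
    return name.lower().rsplit(".", 1)[-1] if "." in name else ""


def sniff(data):
    """Classify a byte string from its magic number, ignoring the name."""
    if data.startswith(MAGIC_PE):
        return "pe"
    if data.startswith(MAGIC_ELF):
        return "elf"
    if data.startswith(MAGIC_OLE):
        return "ole"
    if data.startswith(MAGIC_ZIP):
        return "zip"
    if data.startswith(MAGIC_PDF):
        return "pdf"
    return "unknown"


def screen_attachment(name, data):
    """Return (verdict, reason); verdict is 'block', 'quarantine' or 'allow'."""
    ext = extension(name)
    kind = sniff(data)

    # 1. Real program content is blocked whatever the name says.
    if kind in ("pe", "elf"):
        if ext in DOCUMENT_EXTENSIONS:
            return "block", f"{kind} executable disguised as .{ext}"
        return "block", f"{kind} executable"

    # 2. Program-file extensions are blocked even when the content is odd.
    if ext in PROGRAM_EXTENSIONS:
        return "block", f"program file extension .{ext}"

    # 3. Archives and OOXML documents are opened and their members checked.
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.infolist()
                for info in members:
                    if info.file_size > MAX_MEMBER_BYTES:
                        return "quarantine", f"member {info.filename} too large to inspect"
                    if extension(info.filename) in PROGRAM_EXTENSIONS:
                        return "block", f"archive contains program file {info.filename}"
                    if sniff(zf.read(info)) in ("pe", "elf"):
                        return "block", f"archive member {info.filename} is an executable"
                # Macro-enabled Office files keep their VBA in vbaProject.bin.
                if any(i.filename.endswith("vbaProject.bin") for i in members):
                    return "quarantine", "Office document carries VBA macros"
        except zipfile.BadZipFile:
            return "quarantine", "corrupt or truncated archive"
        return "allow", "archive/OOXML without program content"

    # 4. Legacy OLE documents can embed macros; hand them to deeper inspection.
    if kind == "ole":
        return "quarantine", "legacy Office/OLE document (may carry macros)"
    if kind == "pdf":
        return "allow", "PDF document"
    verdict = "allow" if ext in DOCUMENT_EXTENSIONS else "quarantine"
    return verdict, f"unrecognised content named .{ext}"


def make_zip(members):
    """Build an in-memory zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, blob in members.items():
            zf.writestr(name, blob)
    return buf.getvalue()


# Constructed samples: a PE renamed to .pdf, a plain .docx, a macro-enabled
# .docm, a "quotation" archive hiding a JScript file, and a real PDF header.
SAMPLES = {
    "invoice.pdf": MAGIC_PE + b"\x90" * 62,
    "invoice.docx": make_zip({"word/document.xml": b"<w:document/>"}),
    "invoice.docm": make_zip({"word/document.xml": b"<w:document/>",
                              "word/vbaProject.bin": MAGIC_OLE + b"\0" * 32}),
    "quotation.zip": make_zip({"quotation.pdf.js": b"var x = 1;"}),
    "statement.pdf": MAGIC_PDF + b"1.7\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        verdict, reason = screen_attachment(name, blob)
        print(f"{name:16} {verdict:10} {reason}")
```

The design choice is that the name is only ever used to tighten the verdict, never to loosen it: content that sniffs as a program is blocked even under a document name, while a document name with unrecognised content is merely allowed through as a document. Legacy OLE files and anything with a vbaProject.bin stream go to quarantine rather than being allowed, because the macro is the usual delivery vehicle for the "invoice" lure described above.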
The Pony malware is a well-known password stealer, so the criminals not only get to extort money through the ransomware component, but also to sniff out passwords that they can use for later attacks, or sell on to other criminals in the cyber underground.
Attacks such as ransomware often pass through many security checkpoints, such as email filters, endpoint protection and more. Traditionally, however, these products have worked independently, reflecting the fact that, in many organisations, each part of the network is managed and secured separately.
Unfortunately, he said, this can lead to a situation rather like a hospital where the patients can’t talk to the doctors, the doctors can’t talk to the nurses, and the nurses can’t talk to the patients.
“When it comes to protecting networks against malware, detection and remediation can be improved greatly if there is coordinated communication and interaction between the various security layers,” he said.