Ransomware has become the largest threat to consumers and businesses in the EU, according to a new threat report from Europol.
The Internet Organized Crime Threat Assessment points to variants such as Cryptowall, Cryptolocker, Teslacrypt, and CTB-Locker as representing the biggest security problem for European users. Ransomware is not a new threat, but it’s evolved and expanded quite a bit in the last year, with more variants emerging and attackers expanding their target list. The threat began as simple extortion attempts, with fake warnings from law enforcement agencies. But it’s now almost entirely made up of ransomware that encrypts victims’ files or hard drives and demanding payment for the decryption key.
Europe officials said in the report that ransomware threats show no signs of abating.
“Ransomware continues to be the dominant concern for EU law enforcement. While police ransomware appears to have dropped off the radar almost completely, the number of cryptoware variants has multiplied. Whereas each variant has its own unique properties, many are adopting similar anonymisation strategies such as using Tor or I2P for communication, and business models offering free test file decryptions to demonstrate their intentions,” the IOCTA report says.
“Ransom payment is almost exclusively in Bitcoins. While most traditional and ‘commercially available’ data stealing malware typically targets desktop Windows users, there are many more applicable targets for ransomware, from individual users’ devices, to networks within industry, healthcare or even government.”
Enterprises have become key targets for ransomware recently, as attackers have figured out that it’s more efficient to go after one large payday than a bunch of smaller ones. Ransomware has cropped up in a number of businesses this year, including a high-profile infection in a California hospital. The IOCTA report says Europol officials expect that trend to continue, and likely expand to infections of IoT devices.
“Cryptoware will also continue to expand its attack surface. Now firmly established as a daily desktop malware threat, the profile of ransomware as a threat on mobile devices will grow as developers hone their skills in attacking those operating systems and platforms. Given the scale of mobile device ownership (with many more mobile devices than people40) there is no shortage of fertile ground for the proliferation of mobile ransomware,” the report says.
“Moreover, we will also see ransomware evolving to routinely spread to other smart devices. There are already indications that some ransomware is capable of infecting devices such as smart TVs. Following the pattern of data stealing malware, cryptoware campaigns will likely become less scattergun and more targeted on victims of greater potential worth. More recently, a new strain of server-side ransomware called SAMSAM predominately target the healthcare industry. SAMSAM, does not require user interaction but exploits the vulnerabilities of web servers and encrypts folders typically associated with web site files, images, scripts, etc.”
Although the ransomware threat to enterprises is growing, the IOCTA report also cites business email compromise, or CEO scams, as a huge problem. BEC scams involve a fraudster impersonating a CEO, CFO, or other executive and tricking an employee in a target company into transferring a large amount of money to an account controlled by the criminal. The FBI estimates that businesses in the United States lost $246 million to these scams in 2015, and a large Belgian bank last about $75 million to a BEC scam in January. Organized crime groups often are involved in these scams, which usually involve quite a lot of research and reconnaissance on the attackers’ part.
“The fraud continues to affect tens of thousands of victims worldwide resulting in the loss of billions of euros67. The losses for individual companies were often in the hundreds of thousands or even millions. Despite the often considerable financial damages, victims do not always report such crimes to avoid reputation damage. This prevents law enforcement from obtaining a clear picture of the scale and scope of the threat,” the Europol report says.
Image from Flickr stream of FuFu Wolf.