Symantec warns of rise in targeted ransomware attacks

Symantec warns of rise in targeted ransomware attacks

More groups trying to emulate SamSam’s success, security company says

Credit: Dreamstime

Symantec has warned of significant growth in ransomware attacks targeting enterprises, as well as an increase in the number of groups believed to be behind the campaigns.

Although 2018 saw an overall decrease in the number of ransomware infections, attacks against businesses and other organisations grew significantly, Symantec warned in a white paper recently released.

The security vendor said that ransomware infections had dropped by a fifth, but attacks targeting organisations grew by 12 per cent, with enterprises accounting for 81 per cent of all ransomware infections in 2018.

In late 2015/early 2016, security companies including Symantec warned that attackers were using unpatched JBoss servers as a pathway into enterprise networks to deploy ransomware.

An increasing number of groups have sought to emulate the success of the ‘SamSam’ ransomware group, Symantec’s white paper states.

While in 2017 SamSam was believed alone in specifically targeting enterprises with ransomware, in early 2018 Ryuk emerged. Since then other ransomware gangs including GoGalocker, MegaCortex and Robbinhood have been identified.

“As recently as January 2017, Symantec observed a little more than a dozen organisations a month being attacked,” the security vendor’s white paper said. “However, recent months have seen that figure grow to above 50 organisations a month.”

GoGalocker “typifies the current type of targeted ransomware attack being deployed against businesses,” states a Symantec blog entry.

“The attackers behind the ransomware are skilled and knowledgeable enough to penetrate the victim’s network, deploy a range of tools to move across and map the network while using a variety of techniques to evade detection, before simultaneously encrypting as many machines as possible.

“In carrying out its attacks, GoGalocker borrows many of the tools and techniques used by espionage groups, making extensive use of publicly available hacking tools and living off the land tactics. Once inside the victim’s network, the attackers run PowerShell commands to run shellcode that enables them to connect to the attacker’s command and control server.”

Tools such as Mimikatz and Wolf-x-full are used to traverse an organisation’s network and steal credentials, Symantec said. Attackers will often seek to disable security software and then deploy ransomware across the network.

The security company said GoGalocker has attacked organisations in industries including computer services, accountancy and auditing, consultancy, financial services, power tools, building and construction, financial services, publishing, printing, metals, and warehousing and storage.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags symantecsecurity



EDGE 2019: Thought leaders share how to build a channel of the future

EDGE 2019: Thought leaders share how to build a channel of the future

Day 2 of EDGE was opened by in-depth research from TRA's Tim Dillon, which outlined the partner view on the channel's future. The following day saw Forrester's Jay McBain and Odgers Berndtson's Tim Sleep conclude the keynote line-up, while HPE and Cisco rounded off the thought leadership.

EDGE 2019: Thought leaders share how to build a channel of the future
Tech credentials on show during Ingram Micro One APAC

Tech credentials on show during Ingram Micro One APAC

Ingram Micro outlined the key technologies for future channel growth on the second day of Ingram Micro One APAC in Singapore, in front of more than 1300 business leaders.

Tech credentials on show during Ingram Micro One APAC
EDGE 2019: Dinner Under the Stars

EDGE 2019: Dinner Under the Stars

After an intensive day of keynotes, breakout sessions and networking, 300 delegates donned their whitest gladrags and unwinded at Edge's customary Dinner Under the Stars at Outrigger Marquee. Photos by: Christine Wong.

EDGE 2019: Dinner Under the Stars
Show Comments