VRB News
Virtual Reality Brisbane

2020: how much will attackers earn from cryptolockers?


Natalia Solovieva | 10.06.2020

By the end of 2019 the number of attacks carried out with ransomware had increased by 40%, and the average size of the ransom demanded had grown by more than an order of magnitude. In 2020 hackers are expected to set a “record” for both the number of attacks and the size of the damage caused. These are the findings of the study “Ransomware: the latest attack methods of encryptors”, prepared by experts of Group-IB.

According to experts of Group-IB's computer forensics laboratory, 2018 was relatively quiet in terms of attacks by malware that encrypts the user's files and demands money for decryption (in light of recent events, usually in bitcoins). But in 2019 the hackers decided to catch up: the number of attacks using ransomware increased by 40%. As their victims, the attackers chose large computer networks owned or controlled by major corporations, municipalities and medical institutions.

The average ransom demanded for unlocking access to files and decrypting them has grown substantially. In 2018 it amounted to $8 thousand; in 2019 it rose more than 10 times and reached $84 thousand. Experts of Group-IB also named the ransomware families that proved the most aggressive at the end of last year and demanded the largest ransoms, which at times reached $800 thousand. The leaders of this “anti-rating” were the malware families Ryuk, DoppelPaymer and REvil.

News from the life of encryptors

In 2019 the attackers reached a new level and stopped confining themselves to encrypting files: they began to promote ransomware as a service (Ransomware-as-a-Service, RaaS) and to “rent out” their malware for a portion of the resulting ransoms.

In the past year the operators of a number of ransomware families began to use tactics, techniques and procedures (TTPs) that are characteristic of targeted cyber attacks (advanced persistent threat, APT groups). One of them, for example, is exfiltrating data that is assumed to be important to the potential victim before encrypting it. The operators of the REvil, Maze and DoppelPaymer families, for example, acted this way. But whereas the organizers of targeted cyber attacks use this tactic for espionage, the organizers of ransomware attacks use it to increase the likelihood of receiving a ransom. If the victim does not agree to their demands and does not pay, the critical information obtained in the attack is sold on the darknet.

Another innovation last year was the frequent use in ransomware campaigns of a large number of banking Trojans, such as Dridex, Emotet, SDBBot and Trickbot, at the stage of the initial compromise of the network.

Phishing emails, infection through external remote access services, primarily Remote Desktop Protocol (RDP), and drive-by attacks topped the list of initial network compromise vectors with which the attacks began.

Phishing emails, which headed the rating, often concealed the Shade and Ryuk ransomware. Campaigns of the hacker group TA505, which spread the Clop ransomware, often began with a phishing email. The infected attachment in the email downloaded, among other things, one of the Trojans FlawedAmmyy RAT or SDBBot.

Most of the accessible servers with port 3389 open, the number of which exceeded 3 million in 2019, were located in Brazil, Germany, China, Russia and the United States. This compromise vector was used most often by the operators of the Dharma and Scarab ransomware.

Quite often attackers used infected websites to deliver ransomware. A user who visited such a site was redirected to a page that tried to compromise their device, most often with the exploit kits RIG EK, Fallout EK and Spelevo EK. The operators of the Shade (Troldesh) and STOP malware then encrypted data on the initially compromised devices, while the operators of Ryuk, REvil, DoppelPaymer, Maze and Dharma gathered information about entire network infrastructures.

In addition, most operators of ransomware such as Ryuk, REvil, Maze and DoppelPaymer began to use tools that made it possible not only to conduct reconnaissance in the compromised network, but also to gain a foothold in it, obtain privileged credentials and take full control of Windows domains. These are tools that cybersecurity specialists use during penetration tests: Cobalt Strike, CrackMapExec, PowerShell Empire, PoshC2, Metasploit and Koadic.

Who will save us from the blackmailer?

Overall, the authors of the study “Ransomware: the latest attack methods of encryptors” conclude, in 2019 ransomware operators significantly strengthened their positions, chose larger targets, mainly from the corporate sector, and increased their income. The tactics and tools they use evolved over the past year into sophisticated techniques that previously featured in targeted hacker attacks. Given these circumstances, the experts predict, the coming 2020 may set a record of sorts for the number of attacks and the size of the losses they cause.

Despite the increased scale of ransomware campaigns, they can still be countered effectively if the necessary precautions are followed, Oleg Sulkin, leading specialist of Group-IB's computer forensics laboratory, is sure. For example, connections to servers via RDP should be made exclusively through a VPN, and passwords for accounts used for RDP access must be complex and must be changed regularly. The list of IP addresses from which an external RDP connection can be initiated should be limited.
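
One way to check that the RDP restrictions above actually hold is to review successful RDP logons for sources outside the permitted list. The sketch below is an added example, not part of the Group-IB study; it assumes logon records exported from the Windows Security log as "event id, logon type, account, source IP" (the export format, the VPN pool 10.8.0.0/24 and all sample rows are constructed).

```python
import csv
import ipaddress
from collections import Counter

# Assumption: the only addresses permitted to reach RDP are the VPN pool.
ALLOWED_SOURCES = [ipaddress.ip_network("10.8.0.0/24")]
LOGON_SUCCESS = "4624"      # Windows Security event: successful logon
REMOTE_INTERACTIVE = "10"   # logon type recorded for RDP sessions

# Constructed sample rows: event id, logon type, account, source IP.
SAMPLE_EVENTS = r"""
4624,10,CORP\alice,10.8.0.17
4624,10,CORP\backup,203.0.113.45
4624,10,CORP\backup,203.0.113.45
4624,3,CORP\svc-sql,192.0.2.10
4624,10,CORP\bob,-
"""

def is_allowed(source, allowed=ALLOWED_SOURCES):
    """True only if source parses as an IP address inside an allowed network."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        # "-" or malformed value: it cannot be shown to have come via the VPN.
        return False
    return any(addr in net for net in allowed)

def rdp_logons_outside_allowlist(text, allowed=ALLOWED_SOURCES):
    """Count successful RDP logons per (account, source) not on the allowlist."""
    hits = Counter()
    for row in csv.reader(text.splitlines()):
        if len(row) != 4:
            continue  # blank or malformed line
        event_id, logon_type, account, source = (f.strip() for f in row)
        if event_id != LOGON_SUCCESS or logon_type != REMOTE_INTERACTIVE:
            continue  # not an RDP session logon
        if not is_allowed(source, allowed):
            hits[(account, source)] += 1
    return hits

if __name__ == "__main__":
    for (account, source), n in rdp_logons_outside_allowlist(SAMPLE_EVENTS).items():
        print(f"{account} logged on via RDP from {source} ({n}x), outside the allowlist")
```

Any hit means either the firewall restriction is not in effect or the allowlist is incomplete; both are worth resolving before an exposed port 3389 is found from outside.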

Journal: Journal IT-News, Subscription to magazines
