It seems like I’ve been talking a lot about ransomware recently. It also seems like ransomware is mentioned in every other security article I read. There’s a good reason for this: ransomware is the biggest threat to enterprise security today, according to Kaspersky Lab. In its Threat Evolution report for the first quarter of 2016, Kaspersky’s researchers identified nearly 3,000 ransomware modifications, and ransomware has surpassed APTs as the most troublesome threat.
The three ransomware families causing the most damage in the first quarter were TeslaCrypt, CTB-Locker and CryptoWall, with the ransomware known as Locky being the most widespread malware.
As ZDNet noted, the surge in ransomware news arrived almost in tandem with a new strain of ransomware called Petya:
a particularly vicious infection which goes further than most by not only locking down files, but completely removing access to hard drives and operating systems. Kaspersky researchers have labelled this ability to apply full disk encryption as the “most significant technical innovation in ransomware.”
But Petya keeps evolving. Now, Petya’s creators have updated the ransomware to activate Mischa, another form of ransomware, if administrator rights are not granted. As Dodi Glenn, VP of cyber security at PC Pitstop, told me in an email comment:
The first version of Petya was intense, wreaking all kinds of havoc once a PC became infected, including encrypting files and locking up the hard drive. However, in order for Petya to worm its way into your system, you needed to allow it administrator rights through the UAC security feature. Now with Mischa, you’re damned if you do, damned if you don’t.
As Kaspersky Lab’s Threatpost blog noted, Petya in its original form was far from perfect, and security experts were able to recover lost files. However, the cybercriminals upped their game, improved the malware, and are doing exactly what I and many others have warned about: it is nearly impossible to keep up with the threats. They are easily staying one step ahead and essentially re-inventing the way malware operates. Or as Stu Sjouwerman, founder and CEO of KnowBe4, stated in an email message to me:
This is the first time that this type of malware comes with a double-barrel ransomware attack. It also uses innovative social engineering to trick the end user into opening a PDF resume, for example. Employees in human resources and accounting are high-risk groups that need to be taken through effective security awareness training, which includes frequent simulated phishing attacks.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba.