Here is ESET’s latest ransomware report.
ESET has published its latest report on ransomware, which examines how ransomware is becoming increasingly dangerous as criminals refine their techniques and use ever more deceptive tricks. It also introduces the most common techniques used by attackers, focusing on the three most common attack vectors: Remote Desktop Protocol (RDP), e-mail attachments, and the supply chain.
Ransomware groups have expanded their extortion toolkit and, during the coronavirus pandemic, have focused on intrusions through publicly accessible and poorly configured systems, such as the Remote Desktop Protocol. According to ESET telemetry data, RDP has now become one of the most common attack vectors: between January 2020 and June 2021, the number of such detections exceeded 71 billion. Unlike malicious attachments sent by e-mail, attacks through RDP can slip past many detection methods under the guise of legitimacy because businesses are less aware of this threat.
335 million attacks prevented
ESET telemetry has also revealed that the Server Message Block (SMB) protocol, which is mainly used for file and printer sharing on corporate networks, can also be used as an attack vector through which ransomware can be successfully introduced into an organization's network. Between January and April 2021, ESET’s security solutions prevented more than 335 million public SMB brute-force attacks.
As ransomware attacks become more targeted, it is essential that businesses are aware of cybercriminals' latest methods and are prepared to deal with them. Since the beginning of 2020, it has been proven time and time again that compliance with rules, appropriate remote access settings, strong passwords combined with two-step authentication, and regular security updates can successfully combat ransomware. In addition to configuring RDP properly and maintaining other cyber hygiene practices, the report recommends that businesses use an advanced endpoint detection and response tool such as ESET Enterprise Inspector.
Huge attacks recently
The report highlights the recent large-scale attacks on Kaseya and the Colonial Pipeline system, and the enormous cost of ransomware attacks to businesses worldwide. The authors of the study also discuss the dilemma of paying ransom in the light of the cases mentioned above. They argue that while paying a ransom may recover some of the files, there is no guarantee that cybercriminals will actually be willing or able to restore full access to the data, and that the cryptocurrency demanded will help them fund future crimes anonymously, so whether such payments should be made illegal remains controversial.
It is essential that organizations have the necessary knowledge of the latest developments in ransomware in order to build their protection on cyber hygiene, optimal settings, regular backups and reliable security measures. The report reflects ESET's goal of always providing administrators with practical protection and prevention advice, keeping them one step ahead of cybercriminals.
There is help when the problem is already there
The No More Ransom initiative, launched in 2016, is a joint effort of law enforcement agencies and IT security companies, designed to help victims of ransomware recover their files.
Since ESET joined the initiative in 2018, it has made five tools for dealing with ransomware available to the public, helping more than 25,000 people. ESET technologies detect millions of ransomware attacks every year. The cyber security company’s protection against brute-force attacks proved to be a particularly successful defense mechanism: between January 2020 and April 2021, it detected and blocked approximately 55 billion attack attempts targeting nearly 1 million ESET clients. In addition, more than 300,000 Internet users have downloaded one of ESET’s publicly available ransomware removal tools.
Since its inception, No More Ransom has helped more than six million people recover their files held hostage free of charge, preventing ransomware criminals from obtaining nearly €1 billion. The initiative currently offers 121 different free tools capable of decrypting 151 ransomware families, and brings together 170 defense partners from the public and private sectors. The portal is available in 37 languages, and the new No More Ransom website is more modern and user-friendly, providing up-to-date information and advice on ransomware and attack prevention.