In collaboration with the SECURITY RESPONSE TEAM
As we predicted toward the end of last year, we’re already seeing an upswing in ransomware activity in 2013. The ransomware extortion scam has existed for a number of years, but its popularity among cybercriminals has grown over the last two years and it continues to indiscriminately plague computer users in greater numbers. These attacks have evolved from website graffiti to malware, to destruction or theft of business-critical information, and more recently to extortion. SMBs are particularly vulnerable to these types of attacks because many don’t have the necessary IT resources or backups to recover hijacked assets. To help customers and partners better understand these attacks, Symantec has tracked this growing menace in various blogs, a whitepaper, and a video.
Over the last few weeks Symantec has observed a new spike in ransomware activity worldwide. While several variants of the ransomware threat are responsible for the overall spike, the main ransomware variant being observed is Trojan.Ransomlock.Y. This variant is being distributed through pornographic websites that lead visitors to the Impact Exploit kit. To help ensure its customers are adequately protected, Symantec has the following Intrusion Prevention Signatures (IPS) in place for the Impact Exploit kit, and is observing a similar telemetry spike around detections of this exploit kit:
- Web Attack: Impact Exploit Kit Website
- Web Attack: Impact Exploit Kit Website 2
- Web Attack: Impact Exploit Kit Website 3
Figure 1. Screenshot of Trojan.Ransomlock.Y
As a small business owner, it may seem like you have no choice but to pay up if your company is the target of a ransomware extortion scam. However, keep in mind that payment in no way guarantees that your computer or server will be unlocked, and can be a very costly mistake. The golden rule is to not pay the ransom to the cybercriminals, as paying any such ransom only helps to fuel further cybercrimes. If your business has fallen victim to a ransomware scam, Symantec provides a set of instructions that can help you remove these threats.