Skip to main content

Ransomware, malware operations shut down, but not going away

ransomware hospital hackers demand more money ransomeware
Brian A Jackson/Shutterstock
It’s hard to imagine a more significant blight on the Internet than ransomware. Forget malicious destruction, forget spying on you — ransomware takes over a system, takes over your files, and demands money in order to (maybe) return them to you. So when news emerges where one of these operations is taken down, that’s a good thing.

Researchers from Cisco Systems announced they were behind the takedown of a massive ransomware operation run by a cyber criminal group. The take from this operation was an estimated $34 million per year.

The report further states a number of estimates, including:

  • Up to 90,000 victims were targeted per day
  • The full scope of all Angler Exploit activity could exceed $60 million annually
  • This network was responsible for up to 50 percent of all Angler Exploit activity
  • A $300 ransom was paid by about 3 percent of the victims
  • The exploit servers had a life of one day

In the meantime, other types of malware continue to be incredibly hard to put down for good, despite efforts to take down these massive cybercriminal operations. The latest example was the resurrection of Dridex malware. Officials from the United States and United Kingdom said in early October that the botnet behind this flavor of malware had been taken down. A serious financial threat to the average consumer, this malware is known for the malicious behavior of monitoring financial login details and other personal information. Hackers find a way to access financial accounts and cause very big problems.

When the Dridex botnet takedown was announced, it was also disclosed that a 30-year-old Moldovan man named Andrey Ghinkul was sought for extradition in connection to $10 million malware scam. There have been no developments there, but no less than two weeks later, reports started to come in from Palo Alto Networks of increased Dridex activity detected throughout its networks. Propagating in email, the spectrum of potential victims, combined with the financial implications of this malware, is an issue with great impact.

The threat that malware and ransomware wield have produced considerable headaches for many institutions and individuals. The continued risk of loss of stolen intellectual property, credit card info, and personally identifiable information (PII) have many security professionals, law enforcement, and companies worried. These operations continue to generate hundreds of millions of dollars annually, with no end in sight. A secretive marketplace for unknown vulnerabilities, specialized services to modify code, and the trade of information has been the bane of efforts to curb these matters.

Steps to protect yourself against the threat follow the proven course of keeping computers, software, and anti-malware up to date.  Finally, if you suspect you’ve been compromised, contact a professional.

Editors' Recommendations

John Casaretto
Former Digital Trends Contributor
John is the founder of the security company BlackCert, a provider of SSL digital certificates and encryption products. A…
New Orleans targeted by ransomware attack, forced to shut down city network
road rave the best cities for self driving cars new orleans aerial

The city of New Orleans has been the target of a cyberattack which lead to officials shutting down the city's network and declaring a state of emergency, as reported by Forbes. This follows a number of high-profile attacks against city infrastructure in the U.S., such as the ransomware attack which hit Baltimore earlier this year and a cyberattack against Dallas in 2017.

The attack began at 11 a.m. on December 13th, according to NOLA Ready, the city's emergency preparedness campaign. NOLA Ready tweeted that the city "detected suspicious activity on its networks that indicated a potential cyberattack." In response, all city employees were instructed to power down their computers, disconnect devices, and disconnect from WiFi. The city also chose to power down its servers, in what it describes as "an abundance of caution."

Read more
Hackers are scoring with ransomware that attacks its previous victims
businesses and cyber security firms are coming up with creative ways to fight hackers laptop hacker

Hackers are targetting computers with ransomware that scours a previously infected network in order to pinpoint and attack and enterprises with big money. Named "Ryuk," the ransomware has been around since 2017, but only recently, in mid-2018, has there an uptick in successful attacks, according to research done by the security experts at FireEye.

Upward of $3.7 million in Bitcoin has been acquired by hackers leveraging these attacks, which first infects victims PCs with a "Trickbot" trojan, and then subsequently the "Ryuk" ransomware. As part of the process, after sending a payroll phishing email and tricking victims into opening it, the hacker is able to use the"Trickbot" trojan and scour the victim's network and files to determine if the target is worth infecting with a subsequent attack via "Ryuk."

Read more
The demand for hacking tools and malware is greater than the current supply
turkey blocks tor dark web keyboard key

A 34-page report published by Positive Technologies reveals a high demand for malware creation on the dark web: Three times greater than the current supply. The report is based on 25 Russian and English-based dark web sites with around 3 million registered individuals to reveal the most-popular malware in use today, the cost of attack services, and more.

“Such utilities are becoming increasingly available as a result of partner programs, malware leasing, and as-a-service distribution models,” the firm states. “This trend is not only causing a rise in the number of cyber-incidents, but seriously hindering investigative efforts to properly attribute attacks.”

Read more