Written by Haydon Kirby, IT Account Director – 21st September 2016
Email phishing is the main delivery source of ransomware viruses such as RAA, Zepto and Locky. However, surprising new figures from Juniper Research state that under one third of organisations actively monitor emails for phishing attempts.
The new strain of RAA Ransomware
The RAA Ransomware virus that emerged in June this year is still causing havoc to businesses around the world. However, in recent weeks the virus has been developed, and the data stealing ‘pony’ Trojan contained within can now install malware to encrypt machines even if they’re offline. (Learn more about the different types of Malware)
To make it much harder for anti-virus software to intercept the newer strain of the RAA virus, it now arrives via email in a password protected ZIP file (previously it was delivered in a standard Zip file). To further optimise the delivery rate, Hackers now make the emails containing the malware sound less alarming to recipients as they mention that ‘due to security reasons’ the file attached has been protected.
The Pony Trojan
The ‘Pony’ Trojan contained in the new strain of this virus is a form of data stealing malware that’s capable of stealing the users login credentials.
For hackers, the ability to get their hands on corporate credentials is like gold dust. As login credentials provide the opportunity for them to use legitimate business accounts to easily spread the Trojan to a much wider audience within a business and increase their criminal bank balance. Login credentials are worth a lot of money and will likely be sold to other cyber criminals. This will likely mean that the original recipient may be targeted for a second or third time.
RAA Ransomware now targets businesses only
But last and probably most importantly, the first strain of the RAA Virus targeted all users both domestic and business. However, the focus has now switched to businesses only because the ransom set out can be much higher and seeing as the level of inconvenience is much greater and more credentials can be obtained, so are the chances of the ransom being paid.
There are several things your business can do to help prevent malware phishing attacks. The first starts with employee awareness as explained in our previous blog post. You could also undertake the Government backed Cyber Essentials Scheme.
For larger businesses we also stock a range of state of the are malware protection from both Sophos and WatchGuard that can detect and prevent most malware attacks. InterceptX from Sophos is one of the best on the market at present. Please get in touch to find out more.