By Tom Jowitt
Computer users are being warned of a sudden spike in ransomware attacks, after security specialist ESET revealed that the United Kingdom is being heavily targeted.
ESET said that its telemetry revealed a spike in detections of malware dubbed JS/Danger.ScriptAttachment, and attackers are currently spamming email inboxes.
Ransomware typically infects an individual or organization via a malicious email attachment. It often encrypts the contents of a computer, and demands a ransom to unlock it.
Previous research has revealed that victims typically are willing to pay up to £400 to recover their encrypted data.
Indeed, if data is not backed up, many users feel they have little choice but to pay the attackers. A recent Tripwire survey, for example, revealed that most security professionals remain pessimistic about their chances of recovering from a ransomware attack.
Other security companies have also previously warned that the United Kingdom remains one of the top targets for ransomware attacks. And ESET has now warned British users to be very cautious about which email messages they open.
“If an email comes from an unknown sender or its contents are not expected, it should be deleted,” said Ondrej Kubovič, IT security specialist at ESET. “Companies should also train their employees to report similar incidents to their internal security departments.”
It seems that JS/Danger.ScriptAttachment tries to download and install different variants of malware to the intended victims’ machines.
“The majority of the code consists of crypto-ransomware, including some well-known families, such as Teslacrypt,” wrote Kubovič. “Its aim is to encrypt valuable data and demand hundreds of dollars for decryption.”
“Notably, the most recent wave has been focused on victims in the United Kingdom, where it accounted for roughly every fourth threat (detection rates reaching 26.16 percent) over the past week (April 19-26).”
“Prevention is equally important,” he concluded. “Hence, users should keep their operating systems and software up to date, install a reliable security suite offering multiple layers of protection and regular updates. Last but not least, users need to back up all their important and valuable data, allowing for its recovery in case of ransomware infection.”
It should be noted that the United Kingdom is not the only country being targeted. In the United States there has been a spate of ransomware attacks on healthcare organizations, which prompted the FBI to appeal to businesses and IT experts for emergency help.
It comes after the Methodist Hospital in Kentucky recently declared an “internal state of emergency” after a Locky ransomware attack. That ransomware also hit the Hollywood Hospital in February. Unfortunately, that particular hospital paid bitcoins worth $17,000 (£12,010) in order to get the attackers to unlock their systems.
And the prediction is that 2016 is going to be a tough year for ransomware infections. Trend Micro said there had been more ransomware-related infections in February this year than in the first six months of last year in total.
It is therefore predicted that 2016 could see the largest number of ransomware attacks on record.
Dell SecureWorks also warned that hackers who previously carried out attacks on behalf of the Chinese government may now be behind a number of recent incidents involving ransomware.
Even Apple, which has until recently enjoyed a relatively good security reputation, has been targeted by ransomware. Palo Alto Networks found a ransomware campaign, dubbed “KeRanger”, hidden in a BitTorrent installer for software called Transmission, which allows Mac users to download videos, music and software via a peer-to-peer network.