Kovter police ransomware infecting 44,000 devices per day

Ransomware is on the rise following GameOver takedown

The infamous Kovter police ransomware is infecting nearly 44,000 devices per day, earning criminals as much as $1,000 per successful attack.

Damballa reported an alarming spike in ransomware attacks in its State of Infections report, citing a 153 percent increase in Kovter infections from May to July, when the malware was infecting as many as 43,713 mobile devices, tablets, PCs and laptops per day.

Kovter is a form of police ransomware that tries to extort payment from its victims by locking infected systems to display a bogus message masquerading as a ‘fine’ payment message from a legitimate law enforcement agency.

“Regardless of the victim’s actual viewing history, the malware can present ‘proof’ of illicit activity and demand ransom to allegedly avoid penalties and jail time. It’s essential for victims to know that paying the ransom will not remove Kovter from your system or restore its functionality,” explained the threat report.

Damballa CTO Brian Foster told V3 that the malware spike could be due to a market gap created by a recent GameOverZeus takedown operation.

“We’ve seen ransomware become one of the top ways cyber criminals make money. It’s grabbed the headlines and the news. It’s motivated by profit so if they find something that works they stick to it. The rise is just opportunism by threat actors,” he said.

“The Cryptolocker threat actors are smart and if one of their tools gets shut off they just find another way to do it.”

The operation saw enforcement agencies across the globe partner with numerous security firms, including Damballa, to launch a co-ordinated sting operation that temporarily shut down the GameOverZeus botnet in May.

The botnet is believed to have enslaved between 500,000 and one million computers at its peak, and is known to have been used to spread the infamous Cryptolocker ransomware.

Foster said that, despite the alarmingly high infection levels, the nature of ransomware means the blackmail campaigns may eventually burn themselves out.

“There’s an interesting element to see how this pans out for the guys creating the ransomware. At the moment even if you pay them you’re not getting the keys to unlock your data. If that continues it won’t be a money maker for criminals,” he said.

“The criminals need a good reputation to keep this going and that’s difficult for them. If people realise that paying this ransom won’t get your computer unlocked that’ll affect [criminals’] ability to make money from it.”

The Damballa CTO said that firms should be more concerned with the rapid influx of advanced defence-dodging attacks being developed by cyber criminals.

“Over the next 12 to 18 months malware will become more advanced, especially in resiliency, and the infrastructure behind it will be harder to take down. That’s an important change organisations will have to be prepared for,” he said.

The Damballa report said that as many as one in five businesses are already “encountering” or interacting with cyber criminals on a daily basis.

Damballa’s report follows the discovery earlier in August of several new advanced malware attacks. Security firm Trend Micro reported uncovering a cyber campaign using advanced malware, codenamed Poweliks, to steal information from Microsoft Windows customers.


13 August 2014 | 1:00 pm – Source: v3.co.uk
