Another wave of ransomware attacks may be on the way. The Dutch security company Northwave warns against this, which often assists victims of such attacks. These attacks regularly affect companies and governments, who are then pressured to pay money to access their own files.
The company has seen since last Thursday that a well-known group of internet criminals sends phishing emails containing rogue software. The mails supposedly come from DocuSign, a tool with which documents must be signed.
With the rogue software, they gain access to a company or government network and sell that access to a ransomware group. The organization then extorts this: if they do not pay, all files will be lost.
“In December and the first week of January, attackers were already extremely active,” said Steven Dondorp of Northwave. “Many organizations are understaffed and that gives attackers a chance to do their thing.” The attackers are mainly from Eastern Europe, according to Northwave.
A few years ago, ransomware attacks mainly affected home users, who then had to pay a few hundred euros to access their files again. But cyber criminals have discovered that there is much more to be gained from companies. If they manage to shut down companies or governments completely, they are quickly prepared to pay high amounts to continue. For example, Maastricht University paid ransomware attackers 200.00 euros.
Companies and governments should pay attention: according to Northwave, it takes about two hours after a successful phishing e-mail for the attackers to control the entire network. The ransomware itself follows a few days later.