The US Federal Financial Institutions Examination Council (FFIEC) is warning banks about a continued sharp rise in cyber-attacks using ransomware.
Ransomware seizes control of and blocks access to files, programs and operations of a victim’s computer system by encrypting the system files. The cyber-criminal then displays a message on the infected computers demanding a payment be made, and sometimes threatens to destroy all of the files if the victim attempts to uninstall or otherwise remove the malware without paying the ransom.
This type of malware is typically a consumer scourge, but the FFIEC said that there has been a concerning uptick in both the number and severity of attacks against financial institutions that involve extortion, with ransom demands ranging up to $5,000 each.
According to an analysis from Easy Solutions, bank-focused ransomware screens often attempt to trick the victims into thinking that the attack is the result of an official government sanction, using images such as the official crest of the FBI, Department of Homeland Security or local police department to demand that a “fine” is paid, for noncompliance or some other relevant transgression.
The security firm found that the latest attacks have involved the recently discovered strain of ransomware called Linux.encoder, which attempts to infect Linux-based operating systems and files for web pages. This has only crested in use in the last couple of months.
“The ransomware waits for administrator privileges to run, and when it does, it moves to the server and encrypts any file type, image, page, script and source code it can find,” said Michael Lopez, director of operations for the US and Canada at Easy Solutions. “This malware leaves a text file detailing how victims can pay the single Bitcoin ransom in exchange for a key to decrypt the files.”
Industry analysts estimate that fraudsters can make an average haul of around $400,000 per month using ransomware. And the tools for carrying out the attacks continue to evolve. McAfee Threat Labs noted that there are several fast-growing families of the malware, such as CTB-Locker, CryptoWall and others. The total number of ransomware samples grew 127% in the past year, the firm said in a recent quarterly threat report.
Lopez noted that ransomware is not the only method that cybercriminals use to extort money from financial institutions. Other tactics include a denial of service (DoS) attack, the theft of sensitive business and customer information to extort payment, or other concessions from victims may also be employed.
Photo © Robing