Kaspersky has discovered a new ransomware that targets NAS

In recent years, ransomware has made a real massacre of data, affecting both common users and companies of all sizes, including essential structures such as hospitals. At the beginning of 2019, the feeling was that the phenomenon was decreasing, but in the following months new variants of these particular types of malware have sprung up, demonstrating the fact that you must never let your guard down.

In the third quarter of 2019, Kaspersky detected 229,643 ransomware-type attacks through its antivirus network. Compared to the same period of 2018, an 11% drop was measured, but if on the one hand the number of users involved decreased, it should be noted that the variants of the ransomware used increased significantly (+153%), a sign that the scammers did not they have decreased their criminal activity but are focusing on more targeted targets.

In any case, the ransomware of the WannaCry family are the most popular and affect about a fifth of users Trojan-Ransom.Win32.Wanna, which with 20.96% of users attacked is the most popular ransomware, at least according to the data analyzed by Kaspersky. Trojan-Ransom.Win32.Phny (20.01%) follows a short distance while Trojan-Ransom.Win32.GandCrypt is in third place, with 8.58% of users attacked.

The evolution of ransomware: hackers target NAS

Typically, ransomware is inoculated into computers through phishing emails, convincing users to click on an attachment or link that leads to malicious sites. The new ransomware discovered by Kaspersy, on the other hand, does not require user intervention: the scammers scan ranges of public IPs to search for NAS and, once found, attempt to access them using known vulnerabilities or using the default passwords. Once they manage to enter, they encrypt all the data contained on the unit, leaving the usual ransom letter to be paid in bitcoin.

This is a particularly subtle attack mode since the user cannot notice anything or take any action to ensure that the attack is successful. Not only that: very often NAS are used to manage backups of computers and other devices connected to the network, which makes these particular malware extremely insidious.

” Previously, encryption ransomware targeting NAS was a barely noticeable phenomenon ” – said Fedor Sinitsyn, Kaspersky’s Security Researcher – ” Only this year, we have already detected a number of new families of ransomware focused exclusively on NAS: This trend is not destined to disappear: for attackers, it represents a very profitable attack vector from an economic point of view, above all because users find themselves completely unprepared, considering these highly reliable technologies. NAS devices are usually purchased precisely because they are recognized as complete and safe products, an idea that, we have seen, is not true. Consumers and especially business users must pay close attention to the protection of their data “.

The threats detected by Kaspersky in the last 3 months of 2019

In 90 days, Kaspersky’s security solutions identified just under a billion threats (989.432.403, for those who love precision), 4% more than a same period of the previous year. Attacks targeting bank accounts decreased by 35% (Kaspersky counted 197,559 attempts of this type), as did malware spread via malicious installation packages (-33%).

The number of ” unique ” malware measured by the well-known antivirus manufacturer is 230,051,054 slightly down (-4%) compared to the previous year.

The complete report is available at this address.