Analysis from Sabrina Berkenhopf for G DATA: Manamecrypt – a ransomware that takes a different route. It is somewhat unusual in that, rather than spreading via attachments or exploit kits, the sample analysed by G DATA is bundled with legitimate software. It also blocks a number of applications from running where processes include certain strings – for instance, the names of security products. In its present incarnation, however, the data can be recovered.
Kat Hall reports for The Register on an attack against North Dorset Council apparently involving 6,000 files compromised by ransomware. The council refused to pay the ransom and are quoted as saying:
“The ‘ransomware’ attack was quickly detected by our security systems and action was taken to minimise the impact on our systems. No customer data was compromised.”
G DATA’s Eddy Willems is quoted as saying that the organizations being targeted are those less likely to have up-to-date protection and therefore more likely to pay the ransom. ESET’s Mark James didn’t suggest specific targeting, but did observe that public sector organizations are vulnerable because of the sensitivity of the data they hold and the fact that they are likely to be hampered by budget constraints.
Having spent much of my life working for the National Health Service, I’m all too aware of those constraints, and have a great deal of sympathy for executives who have to walk the tightrope between the need for the best affordable security and the need to prioritize direct spending on patient care. Similar concerns apply in other public sector organizations, charities and so on. When it comes to ransomware, however, the risk it poses to client data and wellbeing does call for an effective security strategy that prioritizes data and system backups and data recovery. It sounds as if the Council in this case were properly prepared.