Cyber-crooks now prefer ransomware to botnets. Yep, firms are paying up

File-encrypting ransomware has eclipsed botnets to become the main threat to enterprises, according to Trend Micro. During the fourth quarter of 2015, 83 per cent of all data extortion attacks were made with the use of crypto-ransomware. CryptoWall topped the list of 2015’s most notorious ransomware families, with a 31 per …

  1. Anonymous Coward
    Facepalm

    Insert yet more crypto-ransomware waffle

    "Unlike Android devices, which already have fragmentation problems of their own, IoT devices run on several different platforms, making device and system updates as well as data protection more complex than ever."

    That statement makes as much sense as a plot out of Fringe. How many different versions of Android can you have on your phone at any one time? When a new version of Android comes out, do all other Android phones spontaneously fragment?

    1. Stuart Castle Silver badge

      Re: Insert yet more crypto-ransomware waffle

      No. However, I think you have misunderstood what they mean.

      As I understand it, the problem with Android patching is not Google's response to security problems (which is often quick, and they often discover and fix faults before they are exploited). It's the fact that once Google has released a patch, it has to go to multiple manufacturers for testing. Those patches then need to go to multiple networks for testing. These testing and approval processes can add weeks to the release date, if they are released at all because the network would rather sell you a new phone. I had an N95 that had a version of Symbian that was at least one version behind the latest Nokia release as O2 were slow to release the update.

      Then there is the potential for finding bugs in extra software provided by the manufacturer and/or network, which can also have bugs. These bugs may or may not be fixed depending on how old the device is.

      Apple are far from perfect, but they do have the advantage here. They don't have multiple manufacturers that need to approve the update, and they don't allow the networks to install their own custom software (so less software to test). They do send updates to the networks to test, but this is done to Apple's timetable, and not the network's. The upshot is that Apple have a far narrower range of hardware to test on. They have far less software that needs to be tested, and they don't have delays introduced by other companies. They also have direct control over the updating process (which Google do not), which means they can get updates to larger groups of users FAR more quickly and efficiently than Google. The upshot is that i device users are far more likely to be running an up to date OS, which reduces the number of security holes.

  2. adnim
    Joke

    Sorry...

    I am too busy opening this invoice for something I haven't bought from a company I have never heard of to pass a sensible and serious comment.

    1. Anonymous Coward

      "I am too busy"...

      But the email subject title says that it's 'urgent' ... Seriously, tell that to the lowest hanging fruit of workers in hospitals / councils right now!

      But my favourite scam concerns the lowly paid HR workers who are shipping out the entire personnel database 'to the CEO'..... Snapchat / Seagate hello??? Corporate executives, you get what you pay for when you sh1tcan everybody!

      1. adnim

        Re: "I am too busy"...

        I understand AC.... But one gets what one pays for. And if one gets better than one pays for, they soon don't give a shit for being pissed all over/ignored.

    2. a_yank_lurker

      Re: Sorry...

      The obvious ones go straight to file 13. The problem is numbers and the fact that one may look at a quick glance legitimate. In a large company it is not uncommon for colleagues to send email attachments to each other. Most of the time, I recognize the sender but it is possible for a legitimate email with a clean attachment to be sent by someone who is unknown to me. So if it looks legit then it might be opened. Now, multiply this to several thousand attachments and for some they get attachments from external sources such as from vendors (all emails are from internal people). The law of large numbers will tend to work in favor of the crooks, here. Send enough out and one will be accidentally and innocently opened eventually. With a little bit of social engineering the rates of infection will increase.

  3. Anonymous Coward

    Cybercrime...

    Who says quality tech jobs are dead / all outsourced....

    Seems like a growth area to me, with well paid future prospects!

  4. Anonymous Coward

    Ransomware & Ad-Slingers

    That's all the internet is to me anymore! I miss the days when only tech heads had access. Why even bother anymore, the net is so toxic it needs to come with a tobacco warning....

    1. Captain DaFt

      Re: Ransomware & Ad-Slingers

      -the net is so toxic it needs to come with a tobacco warning....-

      More likely needs an alcohol warning: "Caution: Use of the Internet will drive you to drink!"

      1. a_yank_lurker

        Re: Ransomware & Ad-Slingers

        Captain DaFt, you are an optimist about the drug/mental health/suicide warning.

  5. Mark 85

    This is from Trend Micro. Ok... have they incorporated what they've learned into their AV package?

    It seems I see these reports from AV firms all the time and few of their products even give a warning for the malware they're reporting on.
