Cyber security experts have notice a series of targeted ransomware attacks on financial and transport organisations since December 2020.

Suspected to be launched by a Russian-speaking RTM group, the ransomware Quoter had a history of targeting corporates for the last five years.

“The attackers demand an average of one million dollars in ransom each time to release the data that they have taken over,” Moscow-based cyber security company Kaspersky has said.

The hackers are following the traditional and tested practice of sending phishing emails to the target ids. They would use The attackers choose a topic that they calculate will force the recipient to open the letter, such as ‘Request for refund’ or ‘Copies of documents for the last month’, to lure the victims into opening links.

If the target clicks on a link or opens an attachment, the RTM Trojan is downloaded to their device.

“The program encrypts data and leaves contacts to communicate with the attackers. If the victim does not respond, the attackers would threaten to make the stolen information public,” a Kaspersky spokesperson said.

The cyber gang, which has been attacking targets outside of Russia, has begun to attack the organisations within Russia.

“The recent attacks, which more or less follow the standard pattern of RTM activity, were first detected in December 2020 and are still ongoing,” the spokesperson said.

How to thwart attacks

In order to thwart such attacks, Kaspersky wants the organisations to equip the employees with cyber security skills. “Organisations should always have fresh back-up copies of your files so you can replace them in case they are lost. You need to store them not only on the physical device but also in cloud storage for greater reliability,” it advises.

“It is important to conduct periodic security analysis and penetration tests. Restrict access to remote management tools from external IP addresses,” it says.

comment COMMENT NOW