Last week, a crypto-ransomware strain infected the San Francisco transit system, with the attacker demanding roughly $73,000 in bitcoin. The attacker used a yandex.com email address to correspond with the victim, which is considered a novice move. Novice or not, the latest crypto-ransomware infections have evolved: they use new delivery methods and encrypt many more types of files, including backup files.
The only reliable remedy is a complete, offline backup (one the malware cannot reach over the network) from which encrypted files can be restored. You should still use early prevention and alerting with anti-virus, anti-malware, heuristics and intrusion prevention, but preventive measures are less effective against a quickly evolving threat, because signatures and heuristics lag behind each new variant.
Recently, many experts have discussed how alarmingly sophisticated these threats have become. They have evolved to encrypt most file types, and they specifically target backup files. The use of servers outside any cooperating legal jurisdiction to distribute and hold the encryption key, the use of very strong encryption, and the use of hard-to-trace payment methods all led observers to believe this was the work of experts. But the latest rash of infections seems so amateurish that it is most likely the work of script kiddies.
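As an added example (not code from the original post), here is a small Python check for the backup-file problem described above: before trusting a backup set for a restore, confirm that each file still looks like the format its name claims. Ransomware that reaches a backup share leaves near-random ciphertext behind, often with a new extension appended to the original name. The file signatures, entropy thresholds and the sample backup directory below are assumptions constructed for this illustration.

```python
import gzip
import math
import os
import tempfile
import zipfile
from collections import Counter

# Expected file signatures ("magic bytes") for formats typical of a backup set.
# Assumed for this example; extend with the archive formats you actually use.
MAGIC = {
    ".zip": b"PK\x03\x04",
    ".gz": b"\x1f\x8b",
    ".pdf": b"%PDF",
}
TEXT_TYPES = {".sql", ".txt", ".csv", ".log"}

SAMPLE_BYTES = 4096  # only the head of each file is examined


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (max 8.0). Ciphertext sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or common whitespace."""
    if not data:
        return 1.0
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(data)


def inspect_file(path: str) -> dict:
    """Classify one file: does its content still look like what its name claims?"""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    root, ext = os.path.splitext(os.path.basename(path))
    ext = ext.lower()
    inner_ext = os.path.splitext(root)[1].lower()  # e.g. ".sql" in "db.sql.locked"
    ent = shannon_entropy(head)
    reasons = []

    if ext in MAGIC:
        # Archives are legitimately high-entropy, so rely on the signature alone.
        if not head.startswith(MAGIC[ext]):
            reasons.append(f"header does not match {ext} signature")
    elif ext in TEXT_TYPES:
        if printable_ratio(head) < 0.9 or ent > 7.0:
            reasons.append(f"text file is not text (entropy {ent:.2f})")
    else:
        # Unknown extension: ransomware commonly appends one to the original name.
        if inner_ext in MAGIC or inner_ext in TEXT_TYPES:
            reasons.append(f"extra extension {ext!r} appended to {inner_ext} file")
        if ent > 7.5:
            reasons.append(f"high entropy {ent:.2f} for unknown type")

    return {"ok": not reasons, "entropy": round(ent, 2), "reasons": reasons}


def audit_backup_set(directory: str) -> dict:
    """Inspect every regular file under directory; returns file name -> verdict."""
    results = {}
    for dirpath, _, filenames in os.walk(directory):
        for fn in filenames:
            results[fn] = inspect_file(os.path.join(dirpath, fn))
    return results


def build_demo_set() -> str:
    """Construct a sample backup directory: intact files plus simulated ransomed ones."""
    d = tempfile.mkdtemp(prefix="backup_demo_")
    sql = ("CREATE TABLE users (id INT, name TEXT);\n" * 100).encode()
    with open(os.path.join(d, "db.sql"), "wb") as fh:
        fh.write(sql)
    with zipfile.ZipFile(os.path.join(d, "files.zip"), "w") as zf:
        zf.writestr("readme.txt", "intact archive\n")
    with gzip.open(os.path.join(d, "dump.gz"), "wb") as gz:
        gz.write(sql)
    # Simulated ransomware output (random bytes stand in for ciphertext):
    # one file keeps its name, one gets a new extension appended.
    with open(os.path.join(d, "files_encrypted.zip"), "wb") as fh:
        fh.write(os.urandom(SAMPLE_BYTES))
    with open(os.path.join(d, "db.sql.locked"), "wb") as fh:
        fh.write(os.urandom(SAMPLE_BYTES))
    return d


if __name__ == "__main__":
    for name, verdict in sorted(audit_backup_set(build_demo_set()).items()):
        status = "OK     " if verdict["ok"] else "SUSPECT"
        print(f"{status} {name:22} entropy={verdict['entropy']:.2f} "
              f"{'; '.join(verdict['reasons'])}")
```

Run as a script, the three intact files are reported OK and the two simulated ransomed files as SUSPECT. Compressed archives are legitimately high-entropy, so the check relies on magic bytes for those and uses entropy and printable-character ratio only for plain-text types. A hash manifest written at backup time and stored offline is the stronger check; this one is useful when no such manifest exists, or as a quick triage before a restore.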
Script kiddies use prepackaged programs created by others to launch their attacks. They only need to craft the phishing email or other delivery vector that runs the program, then collect the ransom. Crypto-ransomware kits can be bought on the dark web for as little as $39. There is also a subscription model, Ransomware-as-a-Service (RaaS for short).