Over the last couple of years, ransomware, a type of malware that encrypts data or freezes your device to extract money from you, has risen out of nowhere to become one of the biggest cyber threats that organizations all over the world face today. But why has it turned into such a big problem? Why is it so difficult to fight ransomware, and how is it deployed?
There was an episode of “The Good Wife” in season 6 about this. The culprit was a Russian and the law firm in Chicago was able to outwit him (the Russian) with their investigator’s help (Kalinda Sharma, played by Archie Panjabi). Ransomware is scary! Why the industrialized countries do not have much more severe punishments for unethical people like this is incredible.
A report released by Palo Alto Networks looks into just how ransomware has become such a lucrative way for cyber criminals to earn money and what the future looks like for these attacks.
Ransomware spans the globe and doesn’t discriminate when it comes to choosing victims, and there is absolutely no negotiating with ransomware. It takes a few seconds to execute and will lock everything down in an organization no matter how critical that information is. And why would that information not be critical? It is the organization’s work data. What is more vital than this?
In the second quarter of 2016, PhishMe Intelligence generated 559 threat reports detailing new malware delivered through phishing emails. These reports also included indicators of compromise as well as the techniques and tactics employed by threat actors.
This data shows that the volume and number of malware deployments incorporating simple evasion techniques have increased, and that these techniques circumvent the protection of most security systems.
A number of the recorded malware deployments used less sophisticated software that nonetheless wields a robust feature set, even by today's standards.
In March, there was a very strong diversification of ransomware strains, which were held responsible for 93 percent of all the malware payloads delivered that month. But research from the second quarter shows that ransomware started to consolidate only in May and June, with Cerber and Locky dominating the scene.
Recently, there's been a 600 percent increase in ransomware families, while strains such as KeRanger, TeslaCrypt, and Locky are making the news. KeRanger is the first ransomware that targets OS X.
Ever since bitcoin was launched in 2013, users have been allowed to exchange money online anonymously in this digital currency. This has led to the creation of 30 malware families around the world that demand payment in bitcoins. This is like an online threat version of "The Sopranos."
Ransomware's success is mostly because of its lucrative business model, as revealed by Palo Alto Networks. Apparently, it pays to be a thief.
Attackers have spent a lot of time trying to create the perfect business model and now, with these new factors in play, hackers have started profiting with ransomware at the cost of honest organizations and companies.
A few years ago, hackers used to profit by stealing data and then selling it to the highest bidder. But the price of such stolen records has fallen from around $25 to $6 a record, which has forced cyber attackers to look for new sources of income. A lot of them turned to ransomware, where the returns are usually a lot higher.
While some ransomware campaigns are very complex to perform because of the technology involved, the costs attackers have to bear are low.
What does the future look like?
Advances in the distribution of attacks, in anonymous payment methods such as cryptocurrencies, and in the technology that can be used for reliably encrypting or decrypting data have helped criminals earn money very quickly.
The explosion of IoT devices means the concept of ransomware is even more widespread, with attackers being able to hold a plethora of integral devices for ransom. A device like a refrigerator, which doesn't contain any sensitive data, might have its cooling disabled by a smart hacker, rendering it useless until the user pays up. You better drink that milk quick!
This will result in higher ransoms, with hackers figuring out ways to target the systems that contain the most valuable information and then increasing their ransom demands. Now if only that Mel Gibson “Ransom” movie was as interesting! That movie was disappointing, but let’s get back on topic.
Ransomware is utilized by criminals who are able to use this software to infiltrate the network of an organization and secure the most valuable data.
Until organizations around the world can adopt a mindset that involves prevention, and stop paying these ransoms to get their data back, this malware is going to continue threatening all devices that are connected to the Internet.
To change this dynamic, we are going to have to move beyond the current campaign in order to identify and then block the underlying architecture, which will cut off criminal activity at the source.
Since ransomware attacks tend to be very quick, typically finishing within just a few minutes of infecting a PC, the detect-and-respond model of protection hasn't proved to be of much value when it comes to limiting their impact. If you have a detection system that alerts you about the presence of an infection, it is already too late for you to protect your files from becoming encrypted. It is critical for you to be able to prevent malware from entering your network and compromising any of the systems where you store valuable data.
Most of the latest ransomware makes use of very strong cryptography that cannot be reversed easily. But if it is already too late and you have been infected, there are a few security vendors who will be able to help you decrypt your files without having to pay the ransom.
To find the right provider to approach, you will need to understand the type of ransomware you're dealing with and identify its family. That is like being snake bit. The doctor is going to need to know what type of snake bit you.
Paying a ransom should be a last resort as these payments will help fund criminal activities, and will provoke attacks by encouraging other people to hold additional data for ransom. As long as they keep earning money this way, they are going to continue considering this as a profitable business model.
Ransomware now accounts for 50 percent of the malware out there, and it doesn't look like this trend is going to slow down any time soon. Given their frequency and tenacity, phishing attacks are now considered a tried-and-tested practice.
Ransomware demands are usually for between $200 and $500 worth of bitcoin and also include threats that the amount could double if no payment is made in a timely manner. Until someone coming from an honorable and righteous corner does something about this, it appears humanity will have to endure this type of pathetic and atrocious behavior.