Ransomware, it’s a brutally simple idea but turning out to be the defining online security issue of our era. And it’s executed with increasing sophistication by criminal groups who understand our weaknesses and how to exploit them. Our lives are now so fully entwined in the digital world, after all it’s where we store our photos, videos, customer data bases, and business plans. But have we been lapse in securing our vital assets? I’m talking about both business and consumers. And has this created the opportunity for criminals to take advantage of our idleness?
Criminals are masterminds at making money via ransomware, they don’t even steal the data. All they do is encrypt it and make it impossible to access until we give over our cash.
It’s a significant threat to business as the cybercriminals go where the money is. Therefore, we see a rise in the number of threats to businesses. For example, only last week a new wave of ransomware attacks was warned about, against at least 31 large organisations demanding millions in ransom money. In the process of laying the groundwork for their attacks, the attackers had breached the networks of these targeted organizations.
Big brand, household name type companies were the majority targets such as eight of the Fortune 500 companies. If the attack led by a group called Evil Corp wasn’t thwarted it would have spelt trouble. Certainly, it would have cost millions in damages and downtime, and then of course an impact to the supply chain.
Perhaps, it is an exaggeration to think that these WastedLocker attacks are part of Evil Corp’s retaliation against the US government. But the New York times has interpreted them as possible since Evil Corp’s leaders were indicted by the Justice Department in December. Other arguing that the gang is actually trying to attract less attention right now. This is the reason they argue the group haven’t publish information stolen from its victims or threatened to publish.
But as a well- funded group that are successful at getting companies to pay, they are both dangerously smart, and sophisticated. For example, according to researchers, Evil Corp have access to highly skilled software developers capable of bypassing network defences on all different levels, ready to exploit. How highly skilled are their software developers? Well, it seems when a version of their malware is spotted by the victim’s defence network, Evil Corp come back with a undetectable version at times with superspeed.
Ransomware gangs are changing up their target focus. They want to go for irreplaceable business assets such as file servers, database services, virtual machines and cloud environments. They’re willing to search out and encrypt any backups that organisations foolishly leave connected to the network, making any recovery that much harder. So that business will have no choice but to pay the ransom money. Meanwhile these attackers are willing to wait weeks or longer from that initial minor breach to taking over the victim’s corporate network, gaining complete control.
And impossible to catch. Police lack officers trained in high-tech crime and know that the criminals will be out of their jurisdiction. Subsequently, rather than try and fight it, most businesses cut their losses pay up, and return to business as usual. In other words, they want and forget about the cost and the stress of the whole situation.
It’s about to possibly get worse, why?
Firstly, it is looking like ransomware will form the core of a new type of a digital attack. To clarify, wiper malware is ransomware whose encryption can’t be reversed. In other words, the data is lost forever. It’s used by nation states and others who simply want to destroy networks. The fear is that wiper malware could become more mainstream as there have been a few of these incidents so far.
Secondly, it’s a worry that criminal groups will become more confident and better funded, as they are more successful, they’ll raise their sights and demands even higher:
- gangs will steal the data as well as encrypting the network
- threaten to leak the data as a means of pressuring the victim into paying up.
Mostly importantly while they are scoping the system over the many weeks leading up to the incident, they have time to understand key digital assets, like the CEO’s emails. This allows them to put even more pressure on their victims as they know too much
So, this is biggest online security nightmare is ransomware. Do you think it will get worse?