Attacks/Breaches

5/15/2017
10:00 AM
Brian Vecci
Brian Vecci
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Your Grandma Could Be the Next Ransomware Millionaire

Today's as-a-service technology has democratized ransomware, offering practically anyone with a computer and an Internet connection an easy way to get in on the game.

HELP WANTED: Are you looking to pad your golden years and increase your grandkids' birthday money? Forget about reverse mortgages; instead, join our network of ransomware agents. If you can play bridge online, you can run your own ransomware campaign.

The billion-dollar ransomware business, and fifth-highest distributed malware according to the 2017 Verizon DBIR, is now accessible to anyone — no technical expertise required. Just like you can use an app to get a date, a ride, or even a mortgage, today's as-a-service technology has democratized ransomware, offering no-skilled criminals — or grandmothers who need a little extra cash — a low-friction way to get in on the game. And it's having an impact on enterprises. 

The first ransomware criminals had to build malware and sneak it inside an organization — usually accomplished with a convincing phishing campaign. Once inside, the malware locks down valuable data and holds it for ransom. The more targets an attacker hits, the better their return.

Now, with ransomware-as-a-service, attackers no longer have to build and maintain their own malware, develop an infrastructure, or manage an attack — all they need to do is sign up, offer a few grandkids' or pesky neighbors' emails, and pay a percentage as a service fee.

Ransomware-as-a-service strains like Cerber and Karmen — and now WannaCry — are dominating information security headlines and Twitter feeds, even unseating Locky from the ransomware throne. Both variants offer as-a-service models that lower the barrier to entry and provide graphical dashboards on metrics like infection rates and ransoms paid. Customers can even increase their ransom price.

RaaS: Best Tools at the Best Price
Similar to how legitimate SaaS offerings allow organizations to outsource parts of their business and infrastructure, ransomware criminals can now outsource managing and maintaining their ransomware practice. Ransomware-as-a-service providers — just like their legitimate SaaS counterparts — have an interest in making sure their customers (like grandma) have access to the best tools at competitive prices so that more will choose their service. When one threat vector closes, their business revenue is affected, so it's in their best interest to deploy updates and stay ahead of the technologies and practitioners working to stop them.

Organizations should expect the number of attacks to continue to increase, thanks to ransomware's low barrier to entry and increased sophistication due to competition between ransomware-as-a-service businesses that fight to stay ahead of each other and enterprise malware detection efforts. 

Though as-a-service ransomware may increase the frequency and sophistication of attacks, the key strategies that organizations need to employ to address ransomware and other threats remain the same:

  • Protect data from the inside. The perimeter isn’t going to protect against code running inside the firewall. Determined attackers will likely be able to get inside the network (if there's even such a thing as "inside" any more), so assuming a strong perimeter will protect you by itself may mean that your security inside the perimeter leaves you at risk.
  • Rethink your access rights. In the recent 2017 Varonis Data Risk Report, an average 20% of all folders within an organization are open to everyone. That means that only one user needs to make a mistake and become infected with ransomware to take down 20% of your shared files. Make sure that only the right people have access to what they're supposed to and data isn't accessible to every employee.
  • Monitor everything. You can't catch what you can't see, and monitoring the data that's at risk is critical. Nobody breaks into the bank to steal the pens, so make sure that you're looking at how users access data so you know when something goes wrong. Here's a hint: if you've missed a ransomware attack, you've definitely missed just about any other data-centric attack. Ransomware is the easiest attack to spot if you're watching how file systems are being used.
  • Have a remediation plan. Finally, organizations should regularly perform backups of their file system, especially critical and sensitive data, and have a remediation plan to find and restore compromised data in the case of ransomware and other cyber attacks.

Related Content

 

Brian Vecci is a 19-year veteran of information technology and data security, including holding a CISSP certification. He has served in applications development, system architecture, project management, and business analyst roles in financial services, legal technology, and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
5/17/2017 | 6:41:22 PM
Data Access Governance becomes critical
Today the perimeter is too porous to protect data and IAM or DAG ( Data access governance) program will become necessary to feud and mitigate these types of attacks.  In the WannaCry latest development, it is essential to detect changes in file shares to be able to stall the attack and limit it to a few machines.  Hard to believr we are goign back to pure detection as prevention becomes more and more impossible.
richard0011
50%
50%
richard0011,
User Rank: Apprentice
5/17/2017 | 5:06:24 AM
Re: Cybersecurity Through Education
nice
PhilA345
100%
0%
PhilA345,
User Rank: Apprentice
5/16/2017 | 11:47:45 AM
Cybersecurity Through Education
Over 70% of data breaches and hacks occur due to some form of human error. End user education and cyber awareness training are the most important steps in preventing a future data breach. The impact of cyber awareness training is something that every organization should take into account when developing their cyber strategy. https://www.securable.io/blog/cyber-security-through-education-infographic
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10617
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application t...
CVE-2018-10621
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application ...
CVE-2018-10623
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote co...
CVE-2015-4664
PUBLISHED: 2018-06-18
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
CVE-2018-9021
PUBLISHED: 2018-06-18
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.