Attacks/Breaches

5/15/2017
10:00 AM
Brian Vecci
Brian Vecci
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Your Grandma Could Be the Next Ransomware Millionaire

Today's as-a-service technology has democratized ransomware, offering practically anyone with a computer and an Internet connection an easy way to get in on the game.

HELP WANTED: Are you looking to pad your golden years and increase your grandkids' birthday money? Forget about reverse mortgages; instead, join our network of ransomware agents. If you can play bridge online, you can run your own ransomware campaign.

The billion-dollar ransomware business, and fifth-highest distributed malware according to the 2017 Verizon DBIR, is now accessible to anyone — no technical expertise required. Just like you can use an app to get a date, a ride, or even a mortgage, today's as-a-service technology has democratized ransomware, offering no-skilled criminals — or grandmothers who need a little extra cash — a low-friction way to get in on the game. And it's having an impact on enterprises. 

The first ransomware criminals had to build malware and sneak it inside an organization — usually accomplished with a convincing phishing campaign. Once inside, the malware locks down valuable data and holds it for ransom. The more targets an attacker hits, the better their return.

Now, with ransomware-as-a-service, attackers no longer have to build and maintain their own malware, develop an infrastructure, or manage an attack — all they need to do is sign up, offer a few grandkids' or pesky neighbors' emails, and pay a percentage as a service fee.

Ransomware-as-a-service strains like Cerber and Karmen — and now WannaCry — are dominating information security headlines and Twitter feeds, even unseating Locky from the ransomware throne. Both variants offer as-a-service models that lower the barrier to entry and provide graphical dashboards on metrics like infection rates and ransoms paid. Customers can even increase their ransom price.

RaaS: Best Tools at the Best Price
Similar to how legitimate SaaS offerings allow organizations to outsource parts of their business and infrastructure, ransomware criminals can now outsource managing and maintaining their ransomware practice. Ransomware-as-a-service providers — just like their legitimate SaaS counterparts — have an interest in making sure their customers (like grandma) have access to the best tools at competitive prices so that more will choose their service. When one threat vector closes, their business revenue is affected, so it's in their best interest to deploy updates and stay ahead of the technologies and practitioners working to stop them.

Organizations should expect the number of attacks to continue to increase, thanks to ransomware's low barrier to entry and increased sophistication due to competition between ransomware-as-a-service businesses that fight to stay ahead of each other and enterprise malware detection efforts. 

Though as-a-service ransomware may increase the frequency and sophistication of attacks, the key strategies that organizations need to employ to address ransomware and other threats remain the same:

  • Protect data from the inside. The perimeter isn’t going to protect against code running inside the firewall. Determined attackers will likely be able to get inside the network (if there's even such a thing as "inside" any more), so assuming a strong perimeter will protect you by itself may mean that your security inside the perimeter leaves you at risk.
  • Rethink your access rights. In the recent 2017 Varonis Data Risk Report, an average 20% of all folders within an organization are open to everyone. That means that only one user needs to make a mistake and become infected with ransomware to take down 20% of your shared files. Make sure that only the right people have access to what they're supposed to and data isn't accessible to every employee.
  • Monitor everything. You can't catch what you can't see, and monitoring the data that's at risk is critical. Nobody breaks into the bank to steal the pens, so make sure that you're looking at how users access data so you know when something goes wrong. Here's a hint: if you've missed a ransomware attack, you've definitely missed just about any other data-centric attack. Ransomware is the easiest attack to spot if you're watching how file systems are being used.
  • Have a remediation plan. Finally, organizations should regularly perform backups of their file system, especially critical and sensitive data, and have a remediation plan to find and restore compromised data in the case of ransomware and other cyber attacks.

Related Content

 

Brian Vecci is a 19-year veteran of information technology and data security, including holding a CISSP certification. He has served in applications development, system architecture, project management, and business analyst roles in financial services, legal technology, and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
5/17/2017 | 6:41:22 PM
Data Access Governance becomes critical
Today the perimeter is too porous to protect data and IAM or DAG ( Data access governance) program will become necessary to feud and mitigate these types of attacks.  In the WannaCry latest development, it is essential to detect changes in file shares to be able to stall the attack and limit it to a few machines.  Hard to believr we are goign back to pure detection as prevention becomes more and more impossible.
richard0011
50%
50%
richard0011,
User Rank: Apprentice
5/17/2017 | 5:06:24 AM
Re: Cybersecurity Through Education
nice
PhilA345
100%
0%
PhilA345,
User Rank: Apprentice
5/16/2017 | 11:47:45 AM
Cybersecurity Through Education
Over 70% of data breaches and hacks occur due to some form of human error. End user education and cyber awareness training are the most important steps in preventing a future data breach. The impact of cyber awareness training is something that every organization should take into account when developing their cyber strategy. https://www.securable.io/blog/cyber-security-through-education-infographic
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12242
PUBLISHED: 2018-09-19
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.
CVE-2018-12243
PUBLISHED: 2018-09-19
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths i...
CVE-2018-14792
PUBLISHED: 2018-09-19
WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.
CVE-2018-16607
PUBLISHED: 2018-09-19
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
CVE-2018-16785
PUBLISHED: 2018-09-19
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell