Endpoint

12/22/2015
05:30 PM
Sara Peters
Sara Peters
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

2015 Ransomware Wrap-Up

Here's a rundown of the innovative ransomware that frightened users and earned attackers big bucks this year.
Previous
1 of 5
Next

It's been a banner year for ransomware operators...and a nerve-wracking one for anybody responsible for securing endpoints. 

Although some of the malware may issue empty threats, some of it has proven just as nasty as it claims. Researchers found that 30 percent of organizations admitted they'd pay ransom requests, and even multiple police departments have succumbed to them, when nobody was able to recover their encrypted files or their back-ups.

In 2015 ransomware operators were innovative not only with their code but with their business models - and estimates of their returns on investment indicate that business is booming.

Here's a quick rundown of the new ransomware that hit the scene in 2015.

 

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Previous
1 of 5
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/30/2015 | 10:29:06 AM
Re: Ransomware
Yes when there is a lot of feeds to analyze it is difficult to wittle through the genuine events and the noise. That's why it is imperative to hone your security products so the feeds received have a minimal amount of noise.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 10:06:25 AM
Re: Game theory
"...value of the data in question."

I agree with you there. There is a real issue in being publicized negatively, maybe ransom is the way to go for certain situations. :--))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 10:03:55 AM
Re: Game theory
"suggest that the one-time payment may not be so bad"

That is true. I think they think paying ransom is easier way out than fighting with it, the reality is if they paid once they would most likely pay again.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 10:00:46 AM
Re: Ransomware
"The key to successful evasion is to pay more careful attention than ever to screen messages which seem genuine, but for some reason"

Agree. It is just hard to pay attention everything that comes to your face. Sometimes you realize it when it is too late.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 9:56:09 AM
Re: Ransomware
"A great way to try and stay ahead of ransomware is user awareness"

Agree. User awareness is key to many of our problems. It starts from there and goes up to finding and holding bad guys responsible. :--))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 9:52:54 AM
Encryption?
If they could not recover it because of encryption then we do have a sophisticated level of encryption algorithms that could not be broken yet, that is a actually good news at the same time. :--)))
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/30/2015 | 9:50:31 AM
30%?
 

I am surprised  the number: 30% of organizations paid ransom. That is quite profitable. Why are we not hearing those situation, they must be hiding something. :--))
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
12/29/2015 | 9:47:47 AM
Re: Game theory
@Joe, its quite the predicament. I think the decision needs to be made based off the value of the data in question. You do not want to make a habit of paying the ransom but sometimes the detriment of not paying may be too great.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/28/2015 | 12:43:36 PM
Game theory
It's interesting because -- at its most basic level -- game theory indicates that you never pay ransom on this sort of thing because you remain -- and have proven yourself -- susceptible in the future.  On the other hand, the fact that ransomware operators are approaching their extortion schemes similarly -- insofar as they have a business to run -- suggest that the one-time payment may not be so bad, because at the end of the day they're in this to make money, and they don't want word-of-mouth or anything else spreading indicating that if you pay the ransom bad things will continue to happen necessarily.
alphaa10
50%
50%
alphaa10,
User Rank: Strategist
12/24/2015 | 12:29:48 PM
Re: Ransomware
Since profitability is the focus of the new wave of ransomware, expect more rapid development and extremely adaptive anti-security measures. The driving objective now is not mere plunder, but the fullest possible extortion routine.

As the writer notes, under threat of data loss, victims can become accomplices in passing along their contagion through social networking. This means the threat vector now includes friends and associates who in some fashion cooperate with the extortioners.

Users, themselves, must understand ransomware of the common type sometimes can be evaded even after the extortion threat message appears-- provided the Windows system is shut down immediately without clicking on the message, while the payload is still confined to system memory.

The key to successful evasion is to pay more careful attention than ever to screen messages which seem genuine, but for some reason-- unfamiliar text, poor grammar, misspellings, etc.-- not quite right. Some message panels are convincing enough to bring a quick click, even if, only a second later, a user realizes that was a mistake.

Almost inevitably, however, user support technicians will not find only a pre-infection situation. Users typically do not know they are in trouble and call for help until they already have clicked on the message.

 

-------------------------------------------------------------------------


* PS to Dark Reading editorial staff-- please make it easier for readers to save articles in a single file. Some publications provide this capability under "Print Article" or "Save Article" options, to save the article as a single page. This enhancement will actually draw readers to your publication, whereas an article seen as merely more clickbait and a tedious, system-resource robbing slideshow will be ignored.
Page 1 / 2   >   >>
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Why Cybersecurity Must Be an International Effort
Kelly Sheridan, Associate Editor, Dark Reading,  12/6/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.