
1/5/2017
01:30 PM
Rick Orloff
Commentary

Why Ransomware Is Only Going To Get Worse

The meteoric rise of the problem stems from a lack of preparedness and simple economics.

Ransomware is perhaps the most ingenious cybercrime in the history of the Internet in terms of its simplicity and effectiveness. It has caused absolute terror in nearly every industry, affecting almost 50% of organizations in 2016, and is considered one of the top cyberthreats to the enterprise for 2017.

According to the FBI, ransomware — malware that holds systems and data for ransom — cost victims $209 million in the first three months of 2016, yet totaled only $24 million in all of 2015. This astronomical rise in ransomware is motivated, in large part, by a lack of preparedness. And the problem will get worse before it gets better. But in order to understand the rise of ransomware, you need to understand its economics.

The Business of Ransomware
Traditional data from major breaches is starting to be worth less and less as the black market gets flooded with stolen records. Got your credit card stolen? Just call a toll-free number and the problem is fixed in minutes. Even the cost of prized electronic healthcare records is down 50% to 60% from last year. This means supply is exceeding demand. But at the same time, the price per ransom has continued to climb, and much of the data being ransomed is completely worthless on the black market. 

Innovations in online payments have also helped pave the way for the current ransomware epidemic. Similar to how some sites are the middlemen for sellers, Web-based "businesses" started to appear in early 2016 to act as proxies through which data extortionists can post sensitive stolen data to add urgency to payment demands, sell the stolen data to a third party, or utilize it in other ways. These Web vendors use a "Business 101" approach: they provide an easy Bitcoin-based payment interface (a bitcoin was worth $768 at the time of writing) and take a cut of every payment.

Popularity Breeds Pandemic
Because of ransomware's massive success, its creators are pushing new technologies to their limits, with the potential to infiltrate every data storage device between the Internet and any given company. And with the massive success of Mirai — the Internet of Things botnet that took down a portion of the Internet last fall — connected devices are poised to become the next big target, translating into even more ransomware. We are entering an age of ransomware that attacks smart homes, connected cars, and healthcare. Based on the recent ransomware attack on the San Francisco Municipal Transportation Agency (SFMTA), we may already be there. 

Ransomware itself isn't the vehicle of an attack; it's merely the infection mechanism. As ransomware rapidly evolves, it has never been easier to commit this crime, with a return on investment as high as 1,425% and a low level of risk. And as it proliferates, ransomware has forced the enterprise C-suite to learn there is no guarantee of prevention. The only true recourse is recovery.

Back Up Often, Recover Quickly
The ill-prepared organizations that continue to pay ransoms fuel ransomware's growth. With each successful ransom, bad actors become more emboldened, more innovative, and more profitable.

But not everyone gives in. Consider the recent attack on the SFMTA. The agency not only didn't pay the ransom, it never even considered it! With a backup and recovery strategy in place, the SFMTA had all affected computers up and running within a few days. This best practice echoes what the FBI has been urging businesses to do for years: regularly back up data and verify the integrity of those backups. Just as important, ensure that backed-up files aren't susceptible to ransomware’s ability to infect multiple sources and backups.

The ransomware problem will get worse for businesses before it gets better, but there is some good news. According to a McAfee report, initiatives like No More Ransom! will start to slow attacks, leading to a significant drop-off in ransomware during the second half of 2017. Until then, companies need to put easy-to-use, intuitive systems in place to mitigate risks and squash attacks, such as real-time recovery backup solutions hosted by a cloud service provider. If you stop feeding the beast, ransomware will cease to exist.

Rick has more than 20 years of deep information security experience. Prior to joining Code42, Rick was VP and chief information security officer at eBay, led and built a variety of global security programs at Apple, and directed global security at Lam Research. Rick is ...