Operations

1/5/2017
01:30 PM
Rick Orloff
Rick Orloff
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

Why Ransomware Is Only Going To Get Worse

The meteoric rise of the problem stems from a lack of preparedness and simple economics.

Ransomware is perhaps the most ingenious cybercrime in the history of the Internet in terms of its simplicity and effectiveness. It has caused absolute terror in nearly every industry, affecting almost 50% of organizations in 2016, and is considered one of the top cyberthreats to the enterprise for 2017.

According to the FBI, ransomware — malware that holds systems and data for ransom — cost victims $209 million in the first three months of 2016, yet totaled only $24 million in all of 2015. This astronomical rise in ransomware is motivated, in large part, by a lack of preparedness. And the problem will get worse before it gets better. But in order to understand the rise of ransomware, you need to understand its economics.

The Business of Ransomware
Traditional data from major breaches is starting to be worth less and less as the black market gets flooded with stolen records. Got your credit card stolen? Just call a toll-free number and the problem is fixed in minutes. Even the cost of prized electronic healthcare records is down 50% to 60% from last year. This means supply is exceeding demand. But at the same time, the price per ransom has continued to climb, and much of the data being ransomed is completely worthless on the black market. 

Innovations in online payments have also helped pave the way for the current ransomware epidemic. Similar to how some sites are the middlemen for sellers, Web-based "businesses" started to appear in early 2016 to act as proxies for data extortionists to post sensitive stolen data to add urgency to payment demands, sell the stolen data to a third-party, or utilize it in other ways. These Web vendors use a "Business 101" approach by providing an easy Bitcoin-based payment interface — currently worth $768 each (at the time of writing this) — and take a cut of every payment.

Popularity Breeds Pandemic
Because of ransomware's massive success, its creators are pushing new technologies to their limits, with the potential to infiltrate every data storage device between the Internet and any given company. And with the massive success of Mirai — the Internet of Things botnet that took down a portion of the Internet last fall — connected devices are poised to become the next big target, translating into even more ransomware. We are entering an age of ransomware that attacks smart homes, connected cars, and healthcare. Based on the recent ransomware attack on the San Francisco Municipal Transportation Agency (SFMTA), we may already be there. 

Ransomware itself isn't the vehicle of an attack; it's merely the infection mechanism. As ransomware rapidly evolves, it has never been easier to commit this crime, with a return on investment as high as 1,425% and a low level of risk. And as it proliferates, ransomware has forced the enterprise C-suite to learn there is no guarantee of prevention. The only true recourse is recovery.

Back Up Often, Recover Quickly
The ill-prepared organizations that continue to pay ransomware fuel its growth. With each successful ransom, bad actors become more emboldened, more innovative, and more profitable. 

But not everyone gives in. Consider the recent attack on the SFMTA. The agency not only didn't pay the ransom, it never even considered it! With a backup and recovery strategy in place, the SFMTA had all affected computers up and running within a few days. This best practice echoes what the FBI has been urging businesses to do for years: regularly back up data and verify the integrity of those backups. Just as important, ensure that backed-up files aren't susceptible to ransomware’s ability to infect multiple sources and backups.

The ransomware problem will get worse for businesses before it gets better, but there is some good news. According to a McAfee report, initiatives like No More Ransom! will start to slow attacks, leading to a significant drop-off in ransomware during the second half of 2017. Until then, companies need to put easy-to-use intuitive systems in place to mitigate risks and squash attacks, such as real-time recovery backup solutions in a cloud service provider. If you stop feeding the beast, ransomware will cease to exist.

Related Content:

Rick has more than 20 years of deep information security experience. Prior to joining Code42, Rick was VP and chief information security officer at eBay, led and built a variety of global security programs at Apple, and directed global security at Lam Research. Rick is ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15380
PUBLISHED: 2019-02-20
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster serv...
CVE-2019-3474
PUBLISHED: 2019-02-20
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-3475
PUBLISHED: 2019-02-20
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-10030
PUBLISHED: 2019-02-20
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVE-2019-10030
PUBLISHED: 2019-02-20
A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth...