Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

5/15/2017
10:00 AM
Brian Vecci
Brian Vecci
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Your Grandma Could Be the Next Ransomware Millionaire

Today's as-a-service technology has democratized ransomware, offering practically anyone with a computer and an Internet connection an easy way to get in on the game.

HELP WANTED: Are you looking to pad your golden years and increase your grandkids' birthday money? Forget about reverse mortgages; instead, join our network of ransomware agents. If you can play bridge online, you can run your own ransomware campaign.

The billion-dollar ransomware business, and fifth-highest distributed malware according to the 2017 Verizon DBIR, is now accessible to anyone — no technical expertise required. Just like you can use an app to get a date, a ride, or even a mortgage, today's as-a-service technology has democratized ransomware, offering no-skilled criminals — or grandmothers who need a little extra cash — a low-friction way to get in on the game. And it's having an impact on enterprises. 

The first ransomware criminals had to build malware and sneak it inside an organization — usually accomplished with a convincing phishing campaign. Once inside, the malware locks down valuable data and holds it for ransom. The more targets an attacker hits, the better their return.

Now, with ransomware-as-a-service, attackers no longer have to build and maintain their own malware, develop an infrastructure, or manage an attack — all they need to do is sign up, offer a few grandkids' or pesky neighbors' emails, and pay a percentage as a service fee.

Ransomware-as-a-service strains like Cerber and Karmen — and now WannaCry — are dominating information security headlines and Twitter feeds, even unseating Locky from the ransomware throne. Both variants offer as-a-service models that lower the barrier to entry and provide graphical dashboards on metrics like infection rates and ransoms paid. Customers can even increase their ransom price.

RaaS: Best Tools at the Best Price
Similar to how legitimate SaaS offerings allow organizations to outsource parts of their business and infrastructure, ransomware criminals can now outsource managing and maintaining their ransomware practice. Ransomware-as-a-service providers — just like their legitimate SaaS counterparts — have an interest in making sure their customers (like grandma) have access to the best tools at competitive prices so that more will choose their service. When one threat vector closes, their business revenue is affected, so it's in their best interest to deploy updates and stay ahead of the technologies and practitioners working to stop them.

Organizations should expect the number of attacks to continue to increase, thanks to ransomware's low barrier to entry and increased sophistication due to competition between ransomware-as-a-service businesses that fight to stay ahead of each other and enterprise malware detection efforts. 

Though as-a-service ransomware may increase the frequency and sophistication of attacks, the key strategies that organizations need to employ to address ransomware and other threats remain the same:

  • Protect data from the inside. The perimeter isn’t going to protect against code running inside the firewall. Determined attackers will likely be able to get inside the network (if there's even such a thing as "inside" any more), so assuming a strong perimeter will protect you by itself may mean that your security inside the perimeter leaves you at risk.
  • Rethink your access rights. In the recent 2017 Varonis Data Risk Report, an average 20% of all folders within an organization are open to everyone. That means that only one user needs to make a mistake and become infected with ransomware to take down 20% of your shared files. Make sure that only the right people have access to what they're supposed to and data isn't accessible to every employee.
  • Monitor everything. You can't catch what you can't see, and monitoring the data that's at risk is critical. Nobody breaks into the bank to steal the pens, so make sure that you're looking at how users access data so you know when something goes wrong. Here's a hint: if you've missed a ransomware attack, you've definitely missed just about any other data-centric attack. Ransomware is the easiest attack to spot if you're watching how file systems are being used.
  • Have a remediation plan. Finally, organizations should regularly perform backups of their file system, especially critical and sensitive data, and have a remediation plan to find and restore compromised data in the case of ransomware and other cyber attacks.

Related Content

 

Brian Vecci is a 19-year veteran of information technology and data security, including holding a CISSP certification. He has served in applications development, system architecture, project management, and business analyst roles in financial services, legal technology, and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
5/17/2017 | 6:41:22 PM
Data Access Governance becomes critical
Today the perimeter is too porous to protect data and IAM or DAG ( Data access governance) program will become necessary to feud and mitigate these types of attacks.  In the WannaCry latest development, it is essential to detect changes in file shares to be able to stall the attack and limit it to a few machines.  Hard to believr we are goign back to pure detection as prevention becomes more and more impossible.
richard0011
50%
50%
richard0011,
User Rank: Apprentice
5/17/2017 | 5:06:24 AM
Re: Cybersecurity Through Education
nice
PhilA345
100%
0%
PhilA345,
User Rank: Apprentice
5/16/2017 | 11:47:45 AM
Cybersecurity Through Education
Over 70% of data breaches and hacks occur due to some form of human error. End user education and cyber awareness training are the most important steps in preventing a future data breach. The impact of cyber awareness training is something that every organization should take into account when developing their cyber strategy. https://www.securable.io/blog/cyber-security-through-education-infographic
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How Security Vendors Can Address the Cybersecurity Talent Shortage
Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet,  5/24/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .