Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Ransomware Getting Easier For Both Bad Guys & Victims
Newest First  |  Oldest First  |  Threaded View
PZav
PZav,
User Rank: Author
11/6/2014 | 1:20:46 PM
How Nice of Them
First off, "Johnson says that some criminals will even provide tech support to victims who have paid their ransom but have not been able to recover access to their systems and files." -- how nice of them! Unbelievalbe...

 

 
theb0x
theb0x,
User Rank: Ninja
11/5/2014 | 7:30:51 PM
Re: No Accountability...
Unfortunately Security Awareness Training is not a solution. Although it may prevent some attack vectors, these incidents will continue to occur and will still be successful. There are many users in any organization that even with extensive SAT will continue their behavior resulting in their machine/network being compromised. Yes, the user should be held accountable and a properly enforced AUP (Acceptable Use Policy) should be signed by all employees. Accountibility is also hard to enforce because more often User account privilges are not properly applied to network shares resulting in greater damage to a company. A proper ACL (Access Control List) also needs to be in place and audits need to be performed often. When a Ransomware incident does occur because a link is 'clicked', there is no indication to the End User the actions of the malicious payload being performed. The contents of your hard drive, removable storage, and networks shares are encrypting as a background proccess. How does a user have any knowledge of any wrong doing? It isn't until the encryption of your data is complete and the private key is securely transmitted to the bad guy that an actual Ransom message is displayed on the User's screen. But it's already too late. The damage is done. 
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
11/5/2014 | 3:51:22 PM
tech support to victims
This really takes the cake! I guess ransomware is becoming a full-service business. 
Kwattman
Kwattman,
User Rank: Black Belt
11/5/2014 | 2:33:59 PM
Re: No Accountability...
Sad but true. Security Awareness Training is one way to solve the problem - good training, not the annual death by PPT presentation. Gartner has an MQ on it now, just published and PCI DSS has also come out with a 25 page guideance on best practices for SAT. Users have always been the weakest link and should be billed and drilled on secure behavior practices over a period of time to create awareness. Accountability helps.
ODA155
ODA155,
User Rank: Ninja
11/5/2014 | 1:44:53 PM
Re: Numbers Game vs Dollars Game
@ Kelly Jackson Higgins,... I understand, better to be safe than to clean up a mess. :)
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
11/5/2014 | 1:41:12 PM
Re: Numbers Game vs Dollars Game
@ODA155, thanks for reposting your comment. Sorry about the link panic. =)
ODA155
ODA155,
User Rank: Ninja
11/5/2014 | 11:33:31 AM
Re: Numbers Game vs Dollars Game
@ unloadlocal... yeah, just "Click Here".
ODA155
ODA155,
User Rank: Ninja
11/5/2014 | 9:55:02 AM
No Accountability...
"...but email phishing messages are still the most common method of ransomware distribution."

That will always be the case as long as there are people who will click on ANYTHING bright and shinny in their inbox. What I mean by "No Accountability" is that the only people who ever catch any flack in a corporation when a user is infected with a ransomware\malware are the security people... "How could this happen... why didn't our AV catch it first?", never do you hear about someone actually getting repremanded for endangering company resources.

Maybe it's time that companies started to hold these people accountable, because clearly education isn't working. I'm not saying they should be fired, but we have to do more than just reimage, restore and move on and hope that it doesn't happen again.
unloadlocal.com
unloadlocal.com,
User Rank: Apprentice
11/4/2014 | 9:49:00 PM
Numbers Game vs Dollars Game
It reminds me of the economics of SPAM. The typical SPAM campaign has a fairly low click rate, but it's worthwhile for the SPAMers because they know that there are a number of users, albeit small, that will click on anything, so when millions of emails get sent out the SPAMer can count of at least a few hundred to a few thousand users clicking on their links.

With ransomware, i'd say the cybercriminals are going for the same thing; numbers. I wouldn't be surprised however if we saw targeted ransomware campaigns in the future against businesses. The average home user might only be able to part with a couple hundred dollars, a business that is lacking the proper backup & recovery plan will be willing to pay much more for their business critical data.

@unloadlocal

www.unloadlocal.com


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-42247
PUBLISHED: 2022-10-03
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
CVE-2022-41443
PUBLISHED: 2022-10-03
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.
CVE-2022-33882
PUBLISHED: 2022-10-03
Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code.
CVE-2022-42306
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.
CVE-2022-42307
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.