Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Ransomware Getting Easier For Both Bad Guys & Victims
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
11/6/2014 | 1:20:46 PM
How Nice of Them
First off, "Johnson says that some criminals will even provide tech support to victims who have paid their ransom but have not been able to recover access to their systems and files." -- how nice of them! Unbelievalbe...


User Rank: Ninja
11/5/2014 | 7:30:51 PM
Re: No Accountability...
Unfortunately Security Awareness Training is not a solution. Although it may prevent some attack vectors, these incidents will continue to occur and will still be successful. There are many users in any organization that even with extensive SAT will continue their behavior resulting in their machine/network being compromised. Yes, the user should be held accountable and a properly enforced AUP (Acceptable Use Policy) should be signed by all employees. Accountibility is also hard to enforce because more often User account privilges are not properly applied to network shares resulting in greater damage to a company. A proper ACL (Access Control List) also needs to be in place and audits need to be performed often. When a Ransomware incident does occur because a link is 'clicked', there is no indication to the End User the actions of the malicious payload being performed. The contents of your hard drive, removable storage, and networks shares are encrypting as a background proccess. How does a user have any knowledge of any wrong doing? It isn't until the encryption of your data is complete and the private key is securely transmitted to the bad guy that an actual Ransom message is displayed on the User's screen. But it's already too late. The damage is done. 
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
11/5/2014 | 3:51:22 PM
tech support to victims
This really takes the cake! I guess ransomware is becoming a full-service business. 
User Rank: Black Belt
11/5/2014 | 2:33:59 PM
Re: No Accountability...
Sad but true. Security Awareness Training is one way to solve the problem - good training, not the annual death by PPT presentation. Gartner has an MQ on it now, just published and PCI DSS has also come out with a 25 page guideance on best practices for SAT. Users have always been the weakest link and should be billed and drilled on secure behavior practices over a period of time to create awareness. Accountability helps.
User Rank: Ninja
11/5/2014 | 1:44:53 PM
Re: Numbers Game vs Dollars Game
@ Kelly Jackson Higgins,... I understand, better to be safe than to clean up a mess. :)
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
11/5/2014 | 1:41:12 PM
Re: Numbers Game vs Dollars Game
@ODA155, thanks for reposting your comment. Sorry about the link panic. =)
User Rank: Ninja
11/5/2014 | 11:33:31 AM
Re: Numbers Game vs Dollars Game
@ unloadlocal... yeah, just "Click Here".
User Rank: Ninja
11/5/2014 | 9:55:02 AM
No Accountability...
"...but email phishing messages are still the most common method of ransomware distribution."

That will always be the case as long as there are people who will click on ANYTHING bright and shinny in their inbox. What I mean by "No Accountability" is that the only people who ever catch any flack in a corporation when a user is infected with a ransomware\malware are the security people... "How could this happen... why didn't our AV catch it first?", never do you hear about someone actually getting repremanded for endangering company resources.

Maybe it's time that companies started to hold these people accountable, because clearly education isn't working. I'm not saying they should be fired, but we have to do more than just reimage, restore and move on and hope that it doesn't happen again.
User Rank: Apprentice
11/4/2014 | 9:49:00 PM
Numbers Game vs Dollars Game
It reminds me of the economics of SPAM. The typical SPAM campaign has a fairly low click rate, but it's worthwhile for the SPAMers because they know that there are a number of users, albeit small, that will click on anything, so when millions of emails get sent out the SPAMer can count of at least a few hundred to a few thousand users clicking on their links.

With ransomware, i'd say the cybercriminals are going for the same thing; numbers. I wouldn't be surprised however if we saw targeted ransomware campaigns in the future against businesses. The average home user might only be able to part with a couple hundred dollars, a business that is lacking the proper backup & recovery plan will be willing to pay much more for their business critical data.



I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-06-26
Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs in...
PUBLISHED: 2022-06-25
In the RSS extension for MediaWiki through 1.38.1, when the $wgRSSAllowLinkTag config variable was set to true, and a new RSS feed was created with certain XSS payloads within its description tags and added to the $wgRSSUrlWhitelist config variable, stored XSS could occur via MediaWiki's template sy...
PUBLISHED: 2022-06-25
Raytion 7.2.0 allows reflected Cross-site Scripting (XSS).
PUBLISHED: 2022-06-25
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the serve...
PUBLISHED: 2022-06-25
Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated A...