Ransomware Getting Easier For Both Bad Guys & ...

Network Computing Dark Reading

Advertise

About Us

Threaded | Newest First | Oldest First

[close this box]

unloadlocal.com,
User Rank: Apprentice
11/4/2014 | 9:49:00 PM

Numbers Game vs Dollars Game

It reminds me of the economics of SPAM. The typical SPAM campaign has a fairly low click rate, but it's worthwhile for the SPAMers because they know that there are a number of users, albeit small, that will click on anything, so when millions of emails get sent out the SPAMer can count of at least a few hundred to a few thousand users clicking on their links.

With ransomware, i'd say the cybercriminals are going for the same thing; numbers. I wouldn't be surprised however if we saw targeted ransomware campaigns in the future against businesses. The average home user might only be able to part with a couple hundred dollars, a business that is lacking the proper backup & recovery plan will be willing to pay much more for their business critical data.

@unloadlocal

www.unloadlocal.com

Reply | Post Message | Messages List | Start a Board

ODA155,
User Rank: Ninja
11/5/2014 | 11:33:31 AM

Re: Numbers Game vs Dollars Game

@ unloadlocal... yeah, just "Click Here".

Reply | Post Message | Messages List | Start a Board

Kelly Jackson Higgins,
User Rank: Strategist
11/5/2014 | 1:41:12 PM

Re: Numbers Game vs Dollars Game

@ODA155, thanks for reposting your comment. Sorry about the link panic. =)

Reply | Post Message | Messages List | Start a Board

ODA155,
User Rank: Ninja
11/5/2014 | 1:44:53 PM

Re: Numbers Game vs Dollars Game

@ Kelly Jackson Higgins,... I understand, better to be safe than to clean up a mess. :)

Reply | Post Message | Messages List | Start a Board

ODA155,
User Rank: Ninja
11/5/2014 | 9:55:02 AM

No Accountability...

"...but email phishing messages are still the most common method of ransomware distribution."

That will always be the case as long as there are people who will click on ANYTHING bright and shinny in their inbox. What I mean by "No Accountability" is that the only people who ever catch any flack in a corporation when a user is infected with a ransomware\malware are the security people... "How could this happen... why didn't our AV catch it first?", never do you hear about someone actually getting repremanded for endangering company resources.

Maybe it's time that companies started to hold these people accountable, because clearly education isn't working. I'm not saying they should be fired, but we have to do more than just reimage, restore and move on and hope that it doesn't happen again.

Reply | Post Message | Messages List | Start a Board

Kwattman,
User Rank: Black Belt
11/5/2014 | 2:33:59 PM

Re: No Accountability...

Sad but true. Security Awareness Training is one way to solve the problem - good training, not the annual death by PPT presentation. Gartner has an MQ on it now, just published and PCI DSS has also come out with a 25 page guideance on best practices for SAT. Users have always been the weakest link and should be billed and drilled on secure behavior practices over a period of time to create awareness. Accountability helps.

Reply | Post Message | Messages List | Start a Board

Marilyn Cohodas,
User Rank: Strategist
11/5/2014 | 3:51:22 PM

tech support to victims

This really takes the cake! I guess ransomware is becoming a full-service business.

Reply | Post Message | Messages List | Start a Board

theb0x,
User Rank: Ninja
11/5/2014 | 7:30:51 PM

Re: No Accountability...

Unfortunately Security Awareness Training is not a solution. Although it may prevent some attack vectors, these incidents will continue to occur and will still be successful. There are many users in any organization that even with extensive SAT will continue their behavior resulting in their machine/network being compromised. Yes, the user should be held accountable and a properly enforced AUP (Acceptable Use Policy) should be signed by all employees. Accountibility is also hard to enforce because more often User account privilges are not properly applied to network shares resulting in greater damage to a company. A proper ACL (Access Control List) also needs to be in place and audits need to be performed often. When a Ransomware incident does occur because a link is 'clicked', there is no indication to the End User the actions of the malicious payload being performed. The contents of your hard drive, removable storage, and networks shares are encrypting as a background proccess. How does a user have any knowledge of any wrong doing? It isn't until the encryption of your data is complete and the private key is securely transmitted to the bad guy that an actual Ransom message is displayed on the User's screen. But it's already too late. The damage is done.

Reply | Post Message | Messages List | Start a Board

PZav,
User Rank: Author
11/6/2014 | 1:20:46 PM

How Nice of Them

First off, "Johnson says that some criminals will even provide tech support to victims who have paid their ransom but have not been able to recover access to their systems and files." -- how nice of them! Unbelievalbe...

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

SecTor - Canada's IT Security Conference Oct 1-6 - Learn More

Black Hat USA - August 6-11 - Learn More

[FREE Virtual Event] The Identity Crisis

More Informa Tech Live Events

White Papers

Sumo Logic for Continuous Intelligence

Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal

AppSec Considerations For Modern Application Development

The Many Facets of Modern Application Development

Endpoint Detection Net Suite Use Cases

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

Black Hat USA 2022 Attendee Report

Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2022-2734
PUBLISHED: 2022-08-09

Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.

CVE-2022-2729
PUBLISHED: 2022-08-09

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.

CVE-2022-2730
PUBLISHED: 2022-08-09

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

CVE-2022-2731
PUBLISHED: 2022-08-09

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

CVE-2022-2732
PUBLISHED: 2022-08-09

Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]