Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Ransomware Getting Easier For Both Bad Guys & Victims
Threaded  |  Newest First  |  Oldest First
unloadlocal.com
unloadlocal.com,
User Rank: Apprentice
11/4/2014 | 9:49:00 PM
Numbers Game vs Dollars Game
It reminds me of the economics of SPAM. The typical SPAM campaign has a fairly low click rate, but it's worthwhile for the SPAMers because they know that there are a number of users, albeit small, that will click on anything, so when millions of emails get sent out the SPAMer can count of at least a few hundred to a few thousand users clicking on their links.

With ransomware, i'd say the cybercriminals are going for the same thing; numbers. I wouldn't be surprised however if we saw targeted ransomware campaigns in the future against businesses. The average home user might only be able to part with a couple hundred dollars, a business that is lacking the proper backup & recovery plan will be willing to pay much more for their business critical data.

@unloadlocal

www.unloadlocal.com
ODA155
ODA155,
User Rank: Ninja
11/5/2014 | 11:33:31 AM
Re: Numbers Game vs Dollars Game
@ unloadlocal... yeah, just "Click Here".
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
11/5/2014 | 1:41:12 PM
Re: Numbers Game vs Dollars Game
@ODA155, thanks for reposting your comment. Sorry about the link panic. =)
ODA155
ODA155,
User Rank: Ninja
11/5/2014 | 1:44:53 PM
Re: Numbers Game vs Dollars Game
@ Kelly Jackson Higgins,... I understand, better to be safe than to clean up a mess. :)
ODA155
ODA155,
User Rank: Ninja
11/5/2014 | 9:55:02 AM
No Accountability...
"...but email phishing messages are still the most common method of ransomware distribution."

That will always be the case as long as there are people who will click on ANYTHING bright and shinny in their inbox. What I mean by "No Accountability" is that the only people who ever catch any flack in a corporation when a user is infected with a ransomware\malware are the security people... "How could this happen... why didn't our AV catch it first?", never do you hear about someone actually getting repremanded for endangering company resources.

Maybe it's time that companies started to hold these people accountable, because clearly education isn't working. I'm not saying they should be fired, but we have to do more than just reimage, restore and move on and hope that it doesn't happen again.
Kwattman
Kwattman,
User Rank: Black Belt
11/5/2014 | 2:33:59 PM
Re: No Accountability...
Sad but true. Security Awareness Training is one way to solve the problem - good training, not the annual death by PPT presentation. Gartner has an MQ on it now, just published and PCI DSS has also come out with a 25 page guideance on best practices for SAT. Users have always been the weakest link and should be billed and drilled on secure behavior practices over a period of time to create awareness. Accountability helps.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
11/5/2014 | 3:51:22 PM
tech support to victims
This really takes the cake! I guess ransomware is becoming a full-service business. 
theb0x
theb0x,
User Rank: Ninja
11/5/2014 | 7:30:51 PM
Re: No Accountability...
Unfortunately Security Awareness Training is not a solution. Although it may prevent some attack vectors, these incidents will continue to occur and will still be successful. There are many users in any organization that even with extensive SAT will continue their behavior resulting in their machine/network being compromised. Yes, the user should be held accountable and a properly enforced AUP (Acceptable Use Policy) should be signed by all employees. Accountibility is also hard to enforce because more often User account privilges are not properly applied to network shares resulting in greater damage to a company. A proper ACL (Access Control List) also needs to be in place and audits need to be performed often. When a Ransomware incident does occur because a link is 'clicked', there is no indication to the End User the actions of the malicious payload being performed. The contents of your hard drive, removable storage, and networks shares are encrypting as a background proccess. How does a user have any knowledge of any wrong doing? It isn't until the encryption of your data is complete and the private key is securely transmitted to the bad guy that an actual Ransom message is displayed on the User's screen. But it's already too late. The damage is done. 
PZav
PZav,
User Rank: Author
11/6/2014 | 1:20:46 PM
How Nice of Them
First off, "Johnson says that some criminals will even provide tech support to victims who have paid their ransom but have not been able to recover access to their systems and files." -- how nice of them! Unbelievalbe...

 

 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2734
PUBLISHED: 2022-08-09
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2729
PUBLISHED: 2022-08-09
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2730
PUBLISHED: 2022-08-09
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2731
PUBLISHED: 2022-08-09
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2732
PUBLISHED: 2022-08-09
Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1.