1/5/2017
01:30 PM
Rick Orloff
Commentary

Why Ransomware Is Only Going To Get Worse

The meteoric rise of the problem stems from a lack of preparedness and simple economics.

Ransomware is perhaps the most ingenious cybercrime in the history of the Internet in terms of its simplicity and effectiveness. It has caused absolute terror in nearly every industry, affecting almost 50% of organizations in 2016, and is considered one of the top cyberthreats to the enterprise for 2017.

According to the FBI, ransomware — malware that holds systems and data for ransom — cost victims $209 million in the first three months of 2016, yet totaled only $24 million in all of 2015. This astronomical rise in ransomware is motivated, in large part, by a lack of preparedness. And the problem will get worse before it gets better. But in order to understand the rise of ransomware, you need to understand its economics.

The Business of Ransomware
Traditional data from major breaches is starting to be worth less and less as the black market gets flooded with stolen records. Got your credit card stolen? Just call a toll-free number and the problem is fixed in minutes. Even the cost of prized electronic healthcare records is down 50% to 60% from last year. This means supply is exceeding demand. But at the same time, the price per ransom has continued to climb, and much of the data being ransomed is completely worthless on the black market. 

Innovations in online payments have also helped pave the way for the current ransomware epidemic. Similar to how some sites are the middlemen for sellers, Web-based "businesses" started to appear in early 2016 to act as proxies for data extortionists to post sensitive stolen data to add urgency to payment demands, sell the stolen data to a third party, or utilize it in other ways. These Web vendors use a "Business 101" approach by providing an easy Bitcoin-based payment interface (with each bitcoin worth $768 at the time of writing) and taking a cut of every payment.

Popularity Breeds Pandemic
Because of ransomware's massive success, its creators are pushing new technologies to their limits, with the potential to infiltrate every data storage device between the Internet and any given company. And with the massive success of Mirai — the Internet of Things botnet that took down a portion of the Internet last fall — connected devices are poised to become the next big target, translating into even more ransomware. We are entering an age of ransomware that attacks smart homes, connected cars, and healthcare. Based on the recent ransomware attack on the San Francisco Municipal Transportation Agency (SFMTA), we may already be there. 

Ransomware itself isn't the vehicle of an attack; it's merely the infection mechanism. As ransomware rapidly evolves, it has never been easier to commit this crime, with a return on investment as high as 1,425% and a low level of risk. And as it proliferates, ransomware has forced the enterprise C-suite to learn there is no guarantee of prevention. The only true recourse is recovery.

Back Up Often, Recover Quickly
The ill-prepared organizations that continue to pay ransomware fuel its growth. With each successful ransom, bad actors become more emboldened, more innovative, and more profitable. 

But not everyone gives in. Consider the recent attack on the SFMTA. The agency not only didn't pay the ransom, it never even considered it! With a backup and recovery strategy in place, the SFMTA had all affected computers up and running within a few days. This best practice echoes what the FBI has been urging businesses to do for years: regularly back up data and verify the integrity of those backups. Just as important, ensure that backed-up files aren't susceptible to ransomware’s ability to infect multiple sources and backups.

The ransomware problem will get worse for businesses before it gets better, but there is some good news. According to a McAfee report, initiatives like No More Ransom! will start to slow attacks, leading to a significant drop-off in ransomware during the second half of 2017. Until then, companies need to put easy-to-use, intuitive systems in place to mitigate risks and squash attacks, such as real-time backup and recovery solutions with a cloud service provider. If you stop feeding the beast, ransomware will cease to exist.

Rick has more than 20 years of deep information security experience. Prior to joining Code42, Rick was VP and chief information security officer at eBay, led and built a variety of global security programs at Apple, and directed global security at Lam Research. Rick is ...