Ransomware; changing the cyber landscape
The cyber security landscape is always changing and businesses need to keep up with the latest developments to minimise the chances of any public security breaches or incidents and avoid falling victim to the staggering costs associated with cyber security and getting your strategy wrong.
Organisations are often put out of action by very mundane things like simple misconfiguration. Even leading organisations, including several major financial service companies, have been taken offline by problems with a software update.
The latest cyber developments that are picking up steam is Ransomware.
According to security firm, Malwarebytes, almost two-fifths of businesses across the UK, US, Canada and Germany were hit over the course of the last year by a ransomware attack.
But what is Ransomware and how is it changing the cyber landscape?
What is Ransomware?
Ransomware is a type of malware which preys on victims for financial gain. Over the past couple of years there has been a rise in Ransomware attacks; where an attacker will encrypt a whole system and demand a fee to unlock it. Not only do the hackers demand a fee, but if the fee is not paid within a certain time period then all the encrypted files will be deleted. Technically all your infrastructure would be working, but your business could be crippled.
Ransomware is a type of malware which preys on victims for financial gain. Over the past couple of years, there has been a rise in Ransomware attacks; where an attacker will encrypt a whole system and demand a fee to unlock it. Not only do the hackers demand a fee, but if the fee is not paid within a certain time period then all the encrypted files will be deleted. Technically all your infrastructure would be working, but your business could be crippled.
Up until recently, the targets have been predominately home users who download an attachment or software that loads a custom script or app that searches the hosts PC for personal documents and then encrypts them. A warning message is then shown to tell the victim how much to pay to get the files decrypted. Payments are almost always in Bitcoin and usually, the attacker does decrypt the files if paid.
Malwarebytes Senior Security Researcher, Nathan Scott, commented, “Over the last four years, ransomware has evolved into one of the biggest cybersecurity threats in the wild, with instances of ransomware in exploit kits increasing 259% in the last five months alone.”
The new wave
Most ransomware code is easily downloadable as a software developer kit (SDK) that anyone can use to tailor the malicious malware to suit their needs. However, this has led to an increase in copycat ransomware that people have created, adding layers to the sophistication by for example creating a malware that once the victim has paid the bounty, the files are still encrypted, leaving the victim in a no better position than where they were, prior to paying for the decryption.
The encryption antilogarithms used by attackers has been getting more and more sophisticated as the authors gain more experience, making the encryption they use more sophisticated and as a result harder to break. A few of the big ransomware attacks in the past couple of years have had decrypters created by security researchers for free, however, as encryption standards continue to improve, this will prove to be a lot harder, and more expensive.
Back in February of this year, administrators at Hollywood Presbyterian Hospital in the US discovered they had lost access to their computers and were essentially unable to access any of their reports, patient records and appointments. Their system data had been targeted by a group of cyber criminals who had encrypted their files using a malicious software.
It took Hollywood Presbyterian Hospital two week to gain access to their data again, after paying a ransom of 40 bitcoin, the equivalent of $17,000, to regain access to their systems. During this time, with no access to their systems hospital staff had to redirect those in need of medical assistance to other hospitals in the area. Not only did the attack take valuable money from the hospital, but it also endangered many lives in the process.
With the sophistication of ransomware, the attacks are getting more agile, varied and widespread, and are increasingly taking aim at businesses of all sizes in all sectors, rather than consumers. The new wave of attacks has found a target in the financial sector, creating specific Trojans that allow them into financial institutions infrastructure to compromise their systems.
Dridex Trojan, one of the most advanced and dangerous Trojans, has been a prominent source of the financial industries troubles. Dridex, typically a spam email campaign operates on a vast scale, sending millions of new emails on a daily basis, uses multiple attacks including SMS attacks to bypass 2FA (2-factor authentication) and are getting harder to detect. Recent research has revealed that the new versions will be using RTF encrypted docs that are not able to be detected by current malware protection systems.
As the complexity of technology and the resourcefulness of hackers continues to grow, companies are having to move towards a hybrid IT model, and the demands of securing your infrastructure will increase.
It is no longer a matter of ‘if’ you will be compromised, but ‘when’ and how well you will cope.
To discover how QA Consulting can help your organisation detect, deter and defend cyber threats contact us
From this thread
6 related stories