Ransomware Everywhere: What’s The Technology Behind It?

If you were worried about ransomware two years ago, you were almost certainly either a security specialist or a victim. According to the FBI, US companies paid $25 million in ransom last year, and it expects the 2016 total to be more than $200 million.

If my experiences during the early years of the phishing epidemic are any indication, the dire predictions will turn out to be wrong, because they weren’t dire enough.

Hackers jumped onto the phishing bandwagon by the thousand when they learned that there was an easy way to make money from their skills instead of plastering websites with graffiti. In the early days, stolen credit card numbers were as good as money in the hacker’s pocket. Today, the actual theft of the credit card numbers is only one step in a complex process of bank fraud.

Until recently, targeting businesses was work for specialist cybercriminals. Attacks on critical infrastructure and the Internet of Things have likewise remained theoretical concerns that were rarely realised. There are many hackers who would think that bringing down a power station with a cyberattack is cool, but making that happen would require a group effort to build the necessary hacker tool chain.

Over the past 30 years, the world has become increasingly dependent on computer systems and computer communications infrastructure. Shut down the net, and water stops flowing in the taps; the lights go out, and food stops appearing on the shelves in stores. A few days later, the public health emergency resulting from the loss of the sewage system is felt.

We live in a technology trap that, until recently, nobody has had both the means and the incentive to trigger. Ransomware is the game changer.

Current backup strategies were, for the most part, designed in the 1970s to deal with the problem of hardware failures and natural disasters. Enterprise backup systems make recovery from a ransomware attack possible, but they don’t make recovery quick or easy. And until recently, they didn’t need to. What was the chance that you would need to re-image every one of a thousand machines in your network from off-site backup?

Some of the recent ransomware attacks have targeted the backup strategies themselves. One particularly nasty example lurks silently in the background, providing transparent access to the locked files for 30 days or more, just enough time for the backups taken before the infection to be overwritten.
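The failure mode described above is a retention problem, not a backup-frequency problem: if every retained copy postdates the infection, restoring from backup returns encrypted files. The following script is an added illustration (not code from the original article) that runs a constructed 120-day snapshot schedule through a rolling-window policy and a grandfather-father-son policy, then reports which retained snapshots predate a 30-day dwell time. The schedule, the policy parameters and the detection date are assumptions chosen for the demonstration.

```python
from datetime import date, timedelta

# The article's example: encrypted files stay transparently readable for 30 days,
# so the infection began 30 days before anyone noticed.
DWELL_DAYS = 30


def daily_snapshots(first: date, count: int) -> list[date]:
    """Constructed schedule: one backup snapshot per day, oldest first."""
    return [first + timedelta(days=i) for i in range(count)]


def rolling_retention(snapshots: list[date], keep_last: int) -> list[date]:
    """Classic rotation: keep only the newest N snapshots; older media are overwritten."""
    return sorted(snapshots)[-keep_last:]


def gfs_retention(snapshots: list[date], daily: int = 7,
                  weekly: int = 4, monthly: int = 6) -> list[date]:
    """Grandfather-father-son rotation (assumed variant): the newest `daily` days,
    one copy per week (the Sunday snapshot) for `weekly` weeks, and one copy per
    month (the 1st-of-month snapshot) for `monthly` months."""
    snaps = sorted(snapshots)
    keep = set(snaps[-daily:])
    sundays = [d for d in snaps if d.weekday() == 6]
    keep.update(sundays[-weekly:])
    firsts = [d for d in snaps if d.day == 1]
    keep.update(firsts[-monthly:])
    return sorted(keep)


def clean_restore_points(retained: list[date], detected_on: date,
                         dwell_days: int) -> list[date]:
    """Only snapshots taken before the infection began (detection date minus the
    dwell time) are known to hold unencrypted copies of the files."""
    infected_since = detected_on - timedelta(days=dwell_days)
    return [d for d in retained if d < infected_since]


def compare_policies() -> dict[str, list[date]]:
    """Run three policies over 120 daily snapshots starting 2016-01-01 and report
    which retained snapshots predate an infection detected on the last day."""
    snaps = daily_snapshots(date(2016, 1, 1), 120)   # ends 2016-04-29
    detected_on = snaps[-1]
    return {
        "rolling_14": clean_restore_points(rolling_retention(snaps, 14), detected_on, DWELL_DAYS),
        "rolling_30": clean_restore_points(rolling_retention(snaps, 30), detected_on, DWELL_DAYS),
        "gfs": clean_restore_points(gfs_retention(snaps), detected_on, DWELL_DAYS),
    }


if __name__ == "__main__":
    for name, points in compare_policies().items():
        shown = [d.isoformat() for d in points] or "NONE"
        print(f"{name:11s} clean restore points: {shown}")
```

Both rolling windows come back empty: even a 30-day window is overwritten entirely during a 30-day dwell, because the oldest surviving copy is taken the day after the infection started. The GFS policy keeps the 1 January, 1 February and 1 March copies, which is what makes a recovery possible at all; the point for a practitioner is that the retention horizon must exceed the attacker's dwell time, not merely the time between hardware failures.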

Compounding the problem is the fact that disk storage has run far ahead of archive technology. A 6TB hard drive costs a couple of hundred dollars. The only readily available, cost effective archive medium for such a device is another 6TB hard drive.

As every backup storage vendor will attest, backup must always be the last line of defense. The first line must always be making sure that the machines don’t get infected in the first place.

All three prongs of anti-malware defense are now essential: Scan inbound email to eliminate executable payloads and links to malware sites; block access to the malware sites themselves; and run default-deny anti-virus on every computer.
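The first two prongs can be expressed as a small mail-gateway check. The script below is an added example, not code from the original article: it parses an inbound message with Python's standard email library, flags attachments that are executables by extension or by file-header magic (so a binary renamed to invoice.pdf is still caught), and matches linked hosts against a blocklist. The extension list, the blocklist host malware.example and the two sample messages are all constructed for the demonstration; the third prong, default-deny anti-virus on the endpoint, is not shown.

```python
import email
import os
import re
from email import policy
from email.message import EmailMessage

# Attachment types a mail gateway would refuse outright (assumed list).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".vbs", ".hta", ".jar", ".ps1"}
# File-header magic that identifies a native executable whatever it is called.
MAGIC_PREFIXES = {b"MZ": "PE executable", b"\x7fELF": "ELF executable"}
# Constructed blocklist standing in for a real malware-site feed.
BLOCKED_HOSTS = {"malware.example"}
URL_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.IGNORECASE)


def executable_attachments(msg: EmailMessage) -> list[str]:
    """Flag attachments by extension and by magic bytes."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name.lower())[1]
        if ext in EXECUTABLE_EXTENSIONS:
            findings.append(f"{name}: executable extension {ext}")
        for magic, kind in MAGIC_PREFIXES.items():
            if payload.startswith(magic):
                findings.append(f"{name}: {kind} by magic bytes")
    return findings


def blocked_links(msg: EmailMessage) -> list[str]:
    """Collect hosts linked from the body that appear on the blocklist."""
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    hosts = {h.lower() for h in URL_RE.findall(text)}
    return sorted(hosts & BLOCKED_HOSTS)


def scan_message(raw: bytes) -> dict:
    """Gateway decision for one inbound message: quarantine on any finding."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    attachments = executable_attachments(msg)
    links = blocked_links(msg)
    return {
        "subject": msg["Subject"],
        "attachments": attachments,
        "links": links,
        "verdict": "quarantine" if attachments or links else "deliver",
    }


def sample_messages() -> dict[str, bytes]:
    """Two constructed messages: a renamed executable plus a blocklisted link,
    and an ordinary clean note."""
    bad = EmailMessage()
    bad["From"] = "invoices@example.com"
    bad["To"] = "staff@example.org"
    bad["Subject"] = "Invoice 4471"
    bad.set_content("Please open the attached invoice or view it at "
                    "http://malware.example/inv/4471")
    bad.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    good = EmailMessage()
    good["From"] = "alice@example.org"
    good["To"] = "staff@example.org"
    good["Subject"] = "Meeting moved"
    good.set_content("Moved to 3pm; agenda at https://intranet.example.org/agenda")
    return {"malicious": bad.as_bytes(), "clean": good.as_bytes()}


if __name__ == "__main__":
    for label, raw in sample_messages().items():
        print(label, scan_message(raw))
```

The magic-byte check matters more than the extension list: attackers rename payloads, and the MZ header is what the operating system actually acts on. A production gateway would also unpack archives and inspect Office macros, which this example leaves out.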

That just leaves one small problem: How does the modern enterprise even know how many computers it has?

One of the main reasons hospitals have become ground zero for the ransomware attacks is that almost every modern medical device is now a computer. They are computers with highly specialized peripherals, but still computers, and many run the consumer operating systems the hackers already know how to subvert.

It is not uncommon, usual even, to find a multi-million dollar device such as an MRI machine running Windows XP Embedded, an operating system version that was last updated in 2011, when it was retired, and whose support is scheduled to end entirely at the end of this year.

Would doctors consider it acceptable to use a medicine five years after the manufacturer’s expiration date? They do that with equipment every day. Until recently, that hasn’t been a problem because even though vulnerabilities existed, there hasn’t been much of an incentive to create exploits targeting hospitals. Ransomware has changed that.

So how do the authorities bring the ransomware epidemic under control before it becomes a pandemic? The lesson we learned from the phishing epidemic was that the surest way to deter profit-motivated Internet crime was to cut off the money supply.

Arresting mules and money movers didn’t put the people behind the phishing scams behind bars, but it did reduce their earnings. The wholesale price of stolen card numbers collapsed as a series of new countermeasures made using them the hard part of the crime.

The infrastructure that makes ransomware possible is bitcoin and its imitators, and the epidemic will continue to grow until they are shut down.

The idea of shutting down bitcoin is controversial in the technology community, of course, but not in law enforcement. Those of us who have followed the Internet payments field since its start know that bitcoin is not the first, but merely the latest in a long list of similar schemes, all of which were ‘completely different’ to everything that had come before.

E-Gold, Gold Age, Liberty Reserve and dozens more all promised to be secure against the threat of government regulation until the day the FBI came calling.
 
Right now, ransomware isn’t quite enough of a problem for the regulators to make a move. If the problem gets worse at the same rate phishing did, they will have little choice.

Information-Management: http://bit.ly/1qn8CSm
