Skip to main content

Ransomware is now your biggest online security nightmare. And it's about to get worse


Ransomware is rapidly shaping up to be the defining online security issue of our era. It’s a brutally simple idea, executed with increasing sophistication by criminal groups. A huge chunk of our lives is now stored digitally, whether that’s photos, videos, business plans or customer databases. But too many of us have been lazy about securing these vital assets. The criminals’ brilliant twist is to realise they don’t have to steal that data to make money: they just have to make it impossible access again — by encrypting it — unless the victims pay up.
Ransomware was once a menace mainly for consumers, but now it’s a significant threat to business. Just last week, there were warnings about a new wave of ransomware attacks against at least 31 large organisations with the aim of demanding millions of dollars in ransom. The attackers had breached the networks of targeted organizations and were in the process of laying the groundwork for their attacks.
The vast majority of targets were household names, including eight Fortune 500 companies, tech security company Symantec said: if the attack (by a group calling itself Evil Corp) hadn’t been disrupted, it could have led to millions in damages and downtime, with the impact felt through the supply chain.
Some of the hyperbole around ransomware is overblown. It’s probably over the top to describe these WastedLocker attacks as part of Evil Corp’s retaliation against the US government after its leaders were indicted by the Justice Department in December — which is how The New York Times interpreted them. (Indeed, others have argued that the gang is actually trying to attract less attention right now, which is why, so far, it has not threatened to publish information stolen from its victims.)
But it’s also true that these groups are smart, sophisticated and, because around half of companies pay the ransoms, very well funded.
For example the group behind it have access to highly skilled exploit and software developers’ capable of bypassing network defences on all different levels, according to researchers.
How skilled? When a version of their malware is spotted by the defences on victim networks, the group is often back with an undetectable version after just a short time.
In one case the group went so far as to pose as a potential customer to request a trial licence for a security product that was not commonly available, says FOX-IT, part of NCC Group.
The targets of the ransomware gangs have evolved, too. It’s not just about PCs anymore; these gangs want to go after the really irreplaceable business assets too, which means file servers, database services, virtual machines and cloud environments. They’ll also search out and encrypt any backups that organisations foolishly leave connected to the network. All of this makes it much harder for victims to recover — unless of course they want to pay that ransom. And the attackers seem willing to take a longer view too; some of these attacks can take weeks or longer to go from the initial minor breach of network security through to complete control of the victim’s corporate network.
Police forces, lacking officers trained in high-tech crime, are loath to investigate knowing that the perpetrators will be far from their jurisdiction and impossible to catch. Many businesses would rather pay up, return to business as usual and forget about the cost and the stress of the whole thing.
It’s quite possible that ransomware will form the core of a new type of a digital attack, used by nation states and others who simply want to destroy networks. Wiper malware is ransomware whose encryption can’t be reversed, so the data is lost forever. There have been a few of these incidents, but the fear is they could become more mainstream.
Another concern is that, as they become more confident and better funded, these criminal groups will raise their sights even higher. One new worrying trend is that gangs will steal the data as well as encrypting the network. They then threaten to leak the data as a means of pressuring the victim into paying up.
These cyber-criminals often spend weeks poking around in a network before they make their attack, which means they have time to understand key digital assets, like the CEO’s emails for example, allowing them to put even more pressure on their victims.
There’s no obvious end to the ransomware nightmare in sight. Indeed, the likelihood is it will get even worse.

Originally published at https://www.zdnet.com 

Comments

Post a Comment

Popular posts from this blog

Google can now help you figure out that song stuck in your head - all you have to do is hum (or whistle) into your phone

  Google just launched its “hum to search” feature, which allows users to hum, whistle, or sing for 10–15 seconds in order to identify a song. The feature currently works in 20 languages, and Google hopes to add more. Google has finally launched the perfect feature for when a song is stuck in your head but you don’t know any of the words. “Hum to search” launched today on both the Google app for iOS and Android, according to Google’s blog, The Keyword. Users can also whistle or sing directly into the mic to identify a song. The technology works like this: the user can hum (whistle, or sing) for 10–15 seconds, and then Google’s technology takes the song’s melody and turns it into a numbers-based sequence. From there, the sequence can be used to “identify songs based on a variety of sources, including humans singing, whistling or humming, as well as studio recordings,” according to Google’s announcement. The sequence also strips away any other outside noise, like accompanying instru...
Post a Comment
Read more

Ransomware's Dangerous New Trick Is Double-Encrypting Your Data

  Ransomware groups have always taken a more-is-more approach . If a victim pays a ransom and then goes back to business as usual-hit them again. Or don’t just encrypt a target’s systems; steal their data first, so you can threaten to leak it if they don’t pay up. The latest escalation? Ransomware hackers who encrypt a victim’s data twice at the same time. Double-encryption attacks have happened before, usually stemming from two separate ransomware gangs compromising the same victim at the same time. But antivirus company Emsisoft says it is aware of dozens of incidents in which the same actor or group intentionally layers two types of ransomware on top of each other. “The groups are constantly trying to work out which strategies are best , which net them the most money for the least amount of effort,” says Emsisoft threat analyst Brett Callow. “So in this approach you have a single actor deploying two types of ransomware. The victim decrypts their data and discovers it’s not act...
Post a Comment
Read more

WhatsApp Users Exchanged Over 100 Billion Messages on New Year’s Eve, A New Record

WhatsApp is one of the most widely used communication apps on the planet and as such, clocks an insane number of messages and media exchanges on a daily basis. But the New Year's Eve broke a record that has been standing since WhatsApp's debut a decade ago. WhatsApp has revealed that users exchanged over 100 billion messages on New Year's eve. And out of that number, more than 20 billion messages were shared by Indian users alone. Moreover, around 12 billion out of the 100 billion+ messages shared on the platform were images. WhatsApp wrote in a press release that over 100 billion messages were shared globally on December 31 in the 24-hour duration leading up to the midnight of New Year's Eve. This is a record-breaking volume and is the highest number of messages exchanged in a single day ever since WhatsApp kicked off its services ten years ago. Out of those 100 billion+ messages shared on New Year's eve, WhatsApp says over 12 billion were images. Meanwhile...
Post a Comment
Read more