Your Money or Your File(s)!

When I was growing up as a kid in the 80s, ransom was a simple thing. A bad person with a foreign accent would kidnap the loved one(s) of a square-jawed, wealthy protagonist and demand a large sum of money for their safe return.

But kidnapping someone’s significant other, their child, or even their beloved pet chihuahua is risky business. The criminals have to first identify a wealthy individual, then get physically close to kidnap the target without being seen or caught in the process. Then they have to have a safe location from where they can communicate the terms of ransom and hope they can get their money without being snared by the police.

The rewards may have been high, but the risks were even higher.

The evolution of Ransom

As the digital age has taken hold, one of the biggest threats that businesses, governments, and consumers all face is ransomware.

Ransomware is the digital rebirth of ransom, but with a twist. Instead of going after loved ones, ransomware targets data.

In recent years, crypto-ransomware has quickly become one of the most popular attacks for criminals. The ransomware targets files such as office documents and photos, and encrypts them.

Once the files have been encrypted, the ransomware will typically upload the private key to a remote server and then delete the local copy. The victim will then see a demand for payment.

In traditional terms, this would be the equivalent of a criminal locking a loved one in a cupboard in your own house, then taking the key and demanding payment within a certain time to return the key.

How ransomware is spread

Ransomware typically infects a computer in one of two ways:

  1. Phishing is the tried and true method favoured by attackers. It’s easy and cheap to send hundreds of thousands of emails containing malicious links. Even a 1% click rate can justify the investment.
  2. Exploit kits, or drive-by downloads, are another popular technique. In this method a website is compromised, so that when a user visits it, the malicious code gets downloaded to the victim’s computer.

Payment of a ransom is typically made through Bitcoin, gift cards, prepaid debit cards, or other hard-to-trace mechanisms, all of which allow the attacker to make off with the money relatively easily.

While the payment of ransom may not completely guarantee the safe return of encrypted files, in most cases, criminals understand that much like a traditional business, reputation is important. In order to maintain credibility in the marketplace and continue to reap rewards, it is in their interest to restore files upon receipt of payment.

From a business perspective, ransomware is particularly shrewd. It removes all the risks associated with traditional old-fashioned ransom schemes whilst increasing the reward.

Some cyber-criminals have gone upstream and provide ransomware tools and services for others to use. For example, the Tox ransomware toolkit was free for hackers to download and distribute. Tox would be provided free of charge and in return would take a 20% cut of all ransom generated.

As if things couldn’t get worse, Shade ransomware has been found using the TeamSpy RAT to do some thievery before encrypting the goods.

Recommendations

There is no single technique that can prevent all ransomware infections; however, employing certain strategies can reduce the risk or impact of an infection.

  1. Disable macros in Microsoft Office files.
  2. Install viewers so that users can view a document without having to open it.
  3. Carry out user training to remind users of the risks of opening attachments or clicking on links from unverified sources.
  4. Apply the principle of least privilege to accounts so that fewer files can be infected.
  5. Segment your network, so that any infection is limited in how far it can spread.
  6. Use a good threat intelligence source to keep you abreast of the latest threats and their workings, allowing quicker detection and response. AlienVault Open Threat Exchange (OTX) is one such source.
  7. Finally, maintain offsite backups so that if the worst does happen, most of the data can be recovered.
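
Recommendation 7 only helps if the backups still hold usable copies. As an added example (not part of the original article), this Python script flags office documents and photos whose expected file header is gone and whose contents read as random bytes, a common heuristic for the encryption described earlier. The extension table, the 7.5 bits-per-byte threshold and all function names are assumptions, and the sample files are constructed.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Expected leading bytes for the file types the article names
# (office documents and photos). Assumed, not exhaustive.
ZIP, OLE, JPG = b"PK\x03\x04", b"\xd0\xcf\x11\xe0", b"\xff\xd8\xff"
MAGIC = {".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP, ".doc": OLE, ".xls": OLE,
         ".pdf": b"%PDF", ".jpg": JPG, ".jpeg": JPG, ".png": b"\x89PNG"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path, sample_size=4096, threshold=7.5) -> bool:
    """True when a known file type has lost its header AND looks random.
    Both tests are needed: valid .docx/.jpg files are compressed, so they
    have high entropy on their own, but they keep their header."""
    magic = MAGIC.get(Path(path).suffix.lower())
    if magic is None:
        return False                      # type not covered by the table
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    return not head.startswith(magic) and shannon_entropy(head) >= threshold

def scan(root):
    """Walk a directory tree (e.g. a restored backup) and list suspect files."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if looks_encrypted(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def demo():
    """Constructed sample tree: only budget.docx stands in for an encrypted file."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "report.pdf").write_bytes(b"%PDF-1.7\n" + b"x" * 2000)
        Path(root, "photo.jpg").write_bytes(JPG + b"\xe0" + os.urandom(4000))
        Path(root, "budget.docx").write_bytes(os.urandom(4096))
        Path(root, "notes.pdf").write_bytes(b"plain text, wrong extension\n" * 50)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Files that ransomware has renamed to a new extension fall outside the table and are not flagged, so a sudden drop in the number of recognised documents between two backup runs is worth checking as well.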