If your business uses computers, it is likely to be affected by ransomware at some point or another. Nearly 50 percent of organizations faced an attack during 2016 alone. Perhaps even more astonishing: 71 percent of entities targeted by ransomware end up infected. It’s no wonder criminals are flocking to this threat vector.
For those not familiar with ransomware, it is a form of malware that, when detonated on a target, encrypts the entire file system, rendering the device and all of its contents unusable. The victim then receives instructions on how to pay a ransom and (hopefully) obtain the private key to decrypt the data.
The ransomware “industry” reeled in roughly $209 million in payments last year. New FBI estimates claim this figure could reach $1 billion in 2017. The average ransom has risen from only $372 in 2014 to $679 in 2016, so what is causing the overall industry spike? An increase in threat actors is a likely contributor.
Traditionally, you would have needed a Mr. Robot-esque dream team of hackers to pull off massive phishing campaigns on a global level, and there are only so many of those groups around. But that is no longer the case with Satan Ransomware-as-a-Service (RaaS). Would-be attackers can now simply agree to cut a check for 30 percent of the revenue from their own phishing campaigns to the developers of Satan, and they’re in business.
From there, the RaaS users receive step-by-step instructions and downloads of custom-generated malware. Satan provides a “Customer Relationship Management” portal offering training and technical support. They even offer record-keeping for payments and transaction tracking. Essentially, the Satan developers give potential attackers the tools and techniques, and the newly enabled threat actors need only to hit “Go.”
Evidence shows that more and more people are being recruited to new cyber-criminal gangs, which don’t require any prior experience with or knowledge of computers. The following is an excerpt from a recruiting ad in an underground forum on the Russian Dark Web:
“This offer is for those who want to earn a lot of money via, shall we say, not a very righteous path. No fees or advance payments from you are required, only a large and pure desire to make money in your free time.”
With each passing day, the number of ransomware attacks continues to grow. It is critical to prepare your organization, and by taking a few easy steps, you can significantly reduce the risk of infection. Your two primary threat vectors involve exploit kits and phishing emails. Proper web and email filtering is a great first step for stopping malware from getting in, as is offering user awareness education on why it is important not to open emails from unknown senders and how to browse the web responsibly.
No matter how much prevention you put in place, however, attackers will eventually get something through. Investing in next-generation endpoint protection, such as Cylance, adds a crucial piece of the puzzle to prevent malware from executing. Remember, once malware runs, it’s game over for the local drive as well as any mapped drives. Your best bet then? Backups.
About the author: Chip Henderson joined Pondurance in November 2013 as a senior security consultant. He has eight years of experience in multiple infosec disciplines, including digital forensics/incident response, as well as enterprise pen-testing. Chip currently resides in St. Petersburg, Florida, where he works from the local Pondurance office and enjoys fishing on the bay.