Ransomware is fast shaping up to become our era’s defining online security issue. It’s a painfully basic premise, executed by criminal gangs with growing sophistication. A massive chunk of our lives is now stored digitally, whether as images, videos, business plans or company databases. Yet too many of us have been lazy about protecting those precious assets. The perpetrators’ clever twist is knowing that they don’t have to steal the data to make money: they just have to make it hard to access, by encrypting it, until the victims pay up.
Ransomware was once a threat mainly to consumers, but now it’s a serious business threat. Just last week, warnings were issued about a new wave of ransomware attacks against at least 31 large organizations, aimed at demanding millions of dollars in ransoms. The attackers had breached the targeted organizations’ networks and were in the process of laying the groundwork for their attacks.
The vast majority of targets were household names, including eight Fortune 500 firms, computer security firm Symantec said. If the attack (by a group calling itself Evil Corp) had not been thwarted, it could have resulted in millions in losses and downtime, with the effect felt across the supply chain.
There is plenty of overblown hyperbole surrounding ransomware. It’s probably over the top to characterize these WastedLocker attacks as part of Evil Corp’s revenge against the U.S. government after its members were arrested by the Department of Justice in December, which is how the New York Times viewed them. (Indeed, some have suggested that the group is simply trying to attract less publicity right now, which is why it has not, so far, tried to publish stolen information from its victims.)
However, it’s also true that these organisations are clever, professional and very well financed, as about half of corporations are paying the ransoms.
According to researchers, for example, the group behind it has access to highly skilled exploit and software developers able to bypass network defences at all levels.
How good? If defences on target networks spot a variant of their malware, the group is often back after only a short time with an undetectable version.
In one case, the group went as far as posing as a potential customer to apply for a trial license for a security product that was not commonly available, says NCC Group’s FOX-IT.
The ransomware gangs’ targets have also grown. It’s no longer just about PCs; these gangs want to go after the truly irreplaceable business assets, including file servers, database services, virtual machines and cloud environments. They will also search for and encrypt any copies that organizations have foolishly left connected to the network. All of this makes it much more difficult for victims to recover, unless they want to pay the ransom, of course. The attackers also seem willing to take a longer view; some of these attacks can take weeks or longer to go from the initial minor breach of network security to complete control of the victim’s corporate network.
Police forces are loath to prosecute, lacking officers skilled in high-tech crime and believing the suspects will be far from their reach and difficult to apprehend. Most businesses will prefer to pay up, return to business as usual and ignore the expense and burden of the whole thing.
Ransomware could quite possibly form the foundation of a new type of digital attack, used by nation states and others who actually want to disrupt networks. Wiper malware is ransomware whose encryption cannot be reversed, so the data is lost forever. A few of these events have occurred, but the fear is that they might become more commonplace.
Another concern is that those criminal groups will raise their sights even higher as they become more confident and better funded. One recent troubling trend is that criminals can both steal the data and encrypt the network. They then threaten to leak the data as a means of placing pressure on the victim to pay up.
These cyber criminals also spend weeks roaming around a network before launching their attack, ensuring they have time to identify key digital assets, such as the CEO’s emails, which allows them to place even greater pressure on their victims.
There is no clear end in sight to the ransomware crisis. Indeed, the probability is that it will get even worse.