Dark Reading is part of the Informa Tech Division of Informa PLC


1/5/2017
01:30 PM
Rick Orloff
Commentary

Why Ransomware Is Only Going To Get Worse

The meteoric rise of the problem stems from a lack of preparedness and simple economics.

Ransomware is perhaps the most ingenious cybercrime in the history of the Internet in terms of its simplicity and effectiveness. It has caused absolute terror in nearly every industry, affecting almost 50% of organizations in 2016, and is considered one of the top cyberthreats to the enterprise for 2017.

According to the FBI, ransomware — malware that holds systems and data for ransom — cost victims $209 million in the first three months of 2016, yet totaled only $24 million in all of 2015. This astronomical rise in ransomware is motivated, in large part, by a lack of preparedness. And the problem will get worse before it gets better. But in order to understand the rise of ransomware, you need to understand its economics.

The Business of Ransomware
Traditional data from major breaches is starting to be worth less and less as the black market gets flooded with stolen records. Got your credit card stolen? Just call a toll-free number and the problem is fixed in minutes. Even the cost of prized electronic healthcare records is down 50% to 60% from last year. This means supply is exceeding demand. But at the same time, the price per ransom has continued to climb, and much of the data being ransomed is completely worthless on the black market. 

Innovations in online payments have also helped pave the way for the current ransomware epidemic. Similar to how some sites are the middlemen for sellers, Web-based "businesses" started to appear in early 2016 to act as proxies for data extortionists to post sensitive stolen data to add urgency to payment demands, sell the stolen data to a third party, or use it in other ways. These Web vendors take a "Business 101" approach: they provide an easy payment interface based on Bitcoin (worth $768 each at the time of writing) and take a cut of every payment.

Popularity Breeds Pandemic
Because of ransomware's massive success, its creators are pushing new technologies to their limits, with the potential to infiltrate every data storage device between the Internet and any given company. And with the massive success of Mirai — the Internet of Things botnet that took down a portion of the Internet last fall — connected devices are poised to become the next big target, translating into even more ransomware. We are entering an age of ransomware that attacks smart homes, connected cars, and healthcare. Based on the recent ransomware attack on the San Francisco Municipal Transportation Agency (SFMTA), we may already be there. 

Ransomware itself isn't the vehicle of an attack; it's merely the infection mechanism. As ransomware rapidly evolves, it has never been easier to commit this crime, with a return on investment as high as 1,425% and a low level of risk. And as it proliferates, ransomware has forced the enterprise C-suite to learn there is no guarantee of prevention. The only true recourse is recovery.

Back Up Often, Recover Quickly
The ill-prepared organizations that continue to pay ransomware fuel its growth. With each successful ransom, bad actors become more emboldened, more innovative, and more profitable. 

But not everyone gives in. Consider the recent attack on the SFMTA. The agency not only didn't pay the ransom, it never even considered it! With a backup and recovery strategy in place, the SFMTA had all affected computers up and running within a few days. This best practice echoes what the FBI has been urging businesses to do for years: regularly back up data and verify the integrity of those backups. Just as important, ensure that backed-up files aren't susceptible to ransomware’s ability to infect multiple sources and backups.

The ransomware problem will get worse for businesses before it gets better, but there is some good news. According to a McAfee report, initiatives like No More Ransom! will start to slow attacks, leading to a significant drop-off in ransomware during the second half of 2017. Until then, companies need to put easy-to-use, intuitive systems in place to mitigate risks and squash attacks, such as real-time recovery backup solutions at a cloud service provider. If you stop feeding the beast, ransomware will cease to exist.

Rick has more than 20 years of deep information security experience. Prior to joining Code42, Rick was VP and chief information security officer at eBay, led and built a variety of global security programs at Apple, and directed global security at Lam Research. Rick is ...