//
you're reading...
IT & TECHNOLOGY, Palo Alto Networks

Ransomware Is Not a “Malware Problem” – It’s a Criminal Business Model


PANW-New-Logo-3

Today Unit 42 published our latest paper on ransomware, which has quickly become one of the greatest cyberthreats facing organizations around the world. As a business model, ransomware has proven to be highly effective in generating revenue for cybercriminals in addition to causing significant operational impact to affected organizations. It is largely victim agnostic, spanning the globe and affecting all major industry verticals. Small organizations, large enterprises, individual home users – all are potential targets.

Ransomware has existed in various forms for decades; but, in the last three years, criminals have perfected the key components of these attacks. This has led to an explosion of new malware families, which make the technique work, and drawn new actors into participating in these lucrative schemes.

To execute a successful ransomware attack, an adversary must be able to do the following:

  1. Take control of a system or device.
  2. Prevent the owner of the controlled device from accessing it, either partially or completely.
  3. Alert the owner that the device has been held for ransom, indicating the method and amount to be paid.
  4. Accept payment from the device owner.
  5. Return full access to the device owner after payment has been received.

If the attacker fails in any of these steps, the scheme will be unsuccessful. While the concept of ransomware has existed for decades, the technology and techniques required to complete all five of these steps at a wide scale were not available until just a few years ago. The resulting wave of attacks using this scheme has impacted organizations all over the world, many of whom were not prepared to prevent these attacks from being successful.

The paper we released today details the history of ransomware and how attackers have spent many years trying to get this business model right. We also delve into what we can expect from future ransomware attacks, which includes the trends that follow.

1. More Platforms

Ransomware has already moved from Windows to Android devices and, in one case, targeted Mac OS X. No system is immune to attack, and any device that an attacker can hold for ransom will be a target in the future.

This concept will become even more applicable with the growth of the “Internet of Things” (IoT). While an attacker may be able to compromise an Internet-connected refrigerator, it would be challenging to turn that infection into a revenue stream. But the ransomware business model can be applied in this or any other case where the attacker can achieve all five steps for a successful ransomware attack. After infecting the refrigerator, the attacker could remotely disable the cooling system and only re-enable it after the victim has made a small payment. 

2. Higher Ransoms

The majority of single-system ransomware attacks charge a ransom between $200 and $500, but the values can be much higher. If attackers are able to determine that they have compromised a system which stores valuable information, and that infected organization has a higher ability to pay, they will increase their ransoms accordingly. We have already seen this in a number of high-profile ransomware attacks against hospitals in 2016, where the ransoms paid were well over $10,000. 

3. Targeted Ransom Attacks

A targeted intrusion into a network is valuable to an attacker in many ways. Selling or acting on stolen information is a common technique, but it often requires additional “back-end” infrastructure and planning to turn that information into cash. Targeted ransomware attacks are an alternative for attackers who may not know how else to monetize their intrusion. Once inside a network, attackers can identify high-value files, databases, and backup systems and then encrypt all of the data at one time. These attacks, using the SamSa malware, have already been identified in the wild and proven lucrative for the adversaries conducting them.

Download your copy of the “Ransomware: Unlocking the Lucrative Criminal Business Model” paper and learn techniques for preventing ransomware attacks.

Ransomware-infographic-v5-REVERSE

[Palo Alto Networks Research Center]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 115,116 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,068 other followers

Twitter Updates

Archives

May 2016
M T W T F S S
« Apr   Jun »
 1
2345678
9101112131415
16171819202122
23242526272829
3031  
%d bloggers like this: