//
you're reading...
Information Security, IT & TECHNOLOGY

Personalized Ransomware: Price Set by Your Ability to Pay


CSA-Logo

price-discrimination-blog-2Smart entrepreneurs have long employed differential pricing strategies to get more money from customers they think will pay a higher price. Cyber criminals have been doing the same thing on a small scale with ransomware: demanding a larger ransom from individuals or companies flush with cash, or organizations especially sensitive to downtime and service disruptions. But now it appears cyber criminals have figured out how to improve their ROI by attaching basic price discrimination to large-scale, phishing-driven ransomware campaigns. So choosing to pay a ransom could come with an even heftier price tag in the near future.

Personalization made easy: no code required
Typically, a ransom payment amount is provided by a command and control server or is hardcoded into the executable. But Malware Hunter Team recently discovered a new ransomware variant called Fantom that uses the filename to set the size of the ransom demand. A post on the BleepingComputer blog explains that this allows the developer to create various distribution campaigns using the same exact sample, but request different ransom amounts depending on how the distributed file is named—no code changes required. When executed, the ransomware will examine the filename and check if it contains certain substrings. Depending on the matched substrings, it will set the ransom to a particular amount.

Businesses beware
The news is salt in the wound for businesses, which have already been targeted by ransomware at a growing pace with higher price demands. A 2016 Symantec survey found that while consumers account for a slight majority of ransomware attacks today, the long-term trend shows a steady increase in attacks on organizations.

Those most vulnerable? Healthcare and financial organizations, according to a 2016 global ransomware survey by Malwarebytes. Both industries were targeted well above the average 39 percent ransomware penetration rate. Over a one-year period, healthcare organizations were targeted the most at 53 percent penetration, with financial organizations a close second at 51 percent.

And while one-third of ransomware victims face demands of $500 or less, large organizations are being extorted for larger sums. Nearly 60 percent of all enterprise ransomware attacks demanded more than $1,000, and more than 20 percent asked for more than $10,000, according to the Malwarebytes survey.

A highly publicized five-figure ransom was demanded of the Los Angeles-based Hollywood Presbyterian Medical Center in February. A ransomware attack disabled access to the hospital’s network, email and patient data. After 10 days of major disruption, hospital officials paid the $17,000 (40-bitcoin) ransom to get their systems back up. Four months later, the University of Calgary paid $20,000 CDN in bitcoins to get its crippled systems restored.

Now with a new price-discrimination Fantom on the loose, organizations can expect to be held hostage for even higher ransoms in the future.

Susan Richardson

[Cloud Security Alliance Blog]

About @PhilipHungCao

@PhilipHungCao, SACS, CISM, CCSP, CCSK, GICSP, CASP, CIW-WSP, PCNSE7, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 108,881 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, SACS, CISM, CCSP, CCSK, GICSP, CASP, CIW-WSP, PCNSE7, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 1,726 other followers

Twitter Updates

Archives

November 2016
M T W T F S S
« Sep   Dec »
 123456
78910111213
14151617181920
21222324252627
282930  
%d bloggers like this: