Cybersecurity After Dark | Episode 4
Everybody’s heard of ransomware, but many are still confused about what it is, how it works, and who’s behind it. In Episode 4 of Cybersecurity After Dark, Sean and Dan start a 3-part series on ransomware. This week’s episode covers the basics – Ransomware 101.
Read on for some little-known trivia on ransomware’s origins, the real cost of a ransomware attack, and a debunking of claims from bad actors that it’s “ethical thievery.”
What is ransomware and how does it work?
Ransomware uses asymmetric encryption. There are two keys: The public key is where you encrypt to and the private key is what you encrypt with. In order to decrypt something, you have to have both keys. Usually, hackers send some type of malware to your computer that can encrypt files and disks and can move from one to another. It may be delivered through several different means – a phishing attack or a downloadable executable. Their tactics continue to get more sophisticated.
Once they send you the ransom note with their demands, it’s a race against the clock to either decrypt your data or pay up. Usually, folks end up paying in cryptocurrency. Once you pay, they release the private key to you, but that’s not always the case.
From ransomware’s beginnings to the longest-running cyber Trojan Horse
Basically, Dr. Popp circulated a questionnaire for his colleagues to fill out via a floppy disk. When they put it in their computers, it installed malware with a logic bomb that would encrypt everything after the computer rebooted 90 times. Then, victims were instructed to send a check to a specified address.
In a nutshell, that is still the general concept behind ransomware today. Popp did indeed unleash a cyber Trojan Horse that led to some medical and research organizations losing years of work. Today, Popp’s prodigies continue refining ransomware tactics, keeping us all wary of escalating attacks. In fact, ransomware attacks are up by 151% in 2021 compared to 2020. It progresses so fast that every month is a new record.
How is ransomware spread?
Those who have experienced ransomware can tell you it is frustrating. Not only are your files and data held hostage, but hackers will send “cute” messages notifying you of your time limits and consequences should you fail to pay out. In these cases, people feel their hands are tied, panic, and pay out. They don’t know what’s on the ransomware or even what’s in their systems.
Once the dust settles, the damage is not limited to lost funds: there’s not always a guarantee that cybercriminals will return your data or assets. On top of that, recovery is expensive and time-consuming, which only adds to the initial bounty payout. That’s why headlines estimate the cost of a ransomware attack in the ballpark of hundreds of thousands to millions.
These circumstances put CISOs and cybersecurity leaders in a constant defensive posture. They are desperate to beef up their cybersecurity initiatives and find their gaps in security. Nobody wants to be another headline for a ransomware attack or deal with the repercussions of a breach on the organization.
Here’s what to monitor on systems to avoid a ransomware attack:
- Phishing spam: Ransomware is generally user-initiated. Hackers know that people will respond to urgent messages from upper management or friendly faces. They hide malware in a link or a downloadable embedded in a message. All it takes is one simple click, and the system is compromised.
- Compromised or malicious sites: Malicious URLs also exist on malicious websites, malvertisements, or anywhere online a user may click. Once clicked on, it’s only a matter of time before the ransomware will attempt to spread to the rest of a user’s machine.
- Remote desktop protocol: VPNs and virtual desktop infrastructures are tempting opportunities for malicious actors. The danger of these systems lies in the organization’s lack of control over outside technology use. That’s why proper remote work policies and granular horizontal traffic monitoring are essential to keep ransomware access out of critical data, assets, and devices.
Despite efforts to promote awareness and smart online behavior, ransomware continues to pose risks on the threat landscape. First, cybersecurity leaders can’t control how people act online, which leaves a lot of room for error. Second, they also have to stay one step ahead of evolving cybercrime tactics.
Ransomware as a Service & the illusion of “ethical thievery”
There’s a reason ransomware is on the rise; it’s a big, lucrative business. As stated previously, ransomware attacks rose 151% from 2020 to 2021. Why? Sean says, “It doesn’t help that companies pay the ransom.” Colonial Pipeline reportedly paid out $4 million in ransom. The reason is simple: Money drives motivation.
Second, it’s easier for people to become ransomware hijackers. Cyber criminals don’t need much technical finesse or proficiency with the rise of Ransomware as a Service (RaaS). RaaS is a business model where people hire out or create affiliates. When it’s done as a service, the barrier to entry is minimal. Individuals involved could be anyone from those seeking “get-rich-quick” schemes to re-sellers. They create chaos and sit back and watch.
Even worse, in Sean and Dan’s estimation, are organizations like REvil that try to market RaaS as a way to make money ethically without creating social disorder. Sean points out that’s equivalent to saying, “I want to rob you, but I don’t want to shoot you.” In the end, there is nothing ethical about ransomware. You’re still robbing people at gunpoint – and they don’t believe that you’re not going to use it.
This was just the first entry in a three-part series. Check back in to catch the rest of the discussion, and get a deeper understanding of the ransomware threat.