Cybersecurity After Dark | Episode 4

Everybody’s heard of ransomware, but many are still confused about what it is, how it works, and who’s behind it. In Episode 4 of Cybersecurity After Dark, Sean and Dan start a three-part series on ransomware. This week’s episode covers the basics – Ransomware 101.

Read on for some little-known trivia about ransomware’s origins, the real cost of a ransomware attack, and a debunking of claims from bad actors that it’s “ethical thievery.”

Catch the full episode on YouTube! 

What is ransomware and how does it work? 

Ransomware uses asymmetric encryption. There are two keys: the public key is what the data is encrypted to, and the private key is what it is decrypted with. Without the matching key pair, the data cannot be decrypted. Usually, hackers get some type of malware onto your computer that can encrypt files and disks and move from one machine to another. It may be delivered through several different means, such as a phishing attack or a downloadable executable. Their tactics continue to get more sophisticated.

Once they send you the ransom note with their demands, it’s a race against the clock to either decrypt your data or pay up. Usually, folks end up paying in cryptocurrency. Once you pay, they are supposed to release the private key to you, but that doesn’t always happen.

From ransomware’s beginnings to the longest-running cyber Trojan Horse

Despite recent media awareness of ransomware, it’s been around for over 30 years. AIDS researcher Dr. Joseph Popp is credited with distributing the first bona fide ransomware, the AIDS Trojan.

Dr. Popp circulated a questionnaire on a floppy disk for his colleagues to fill out. When they put it in their computers, it installed malware with a logic bomb that encrypted everything after the computer had rebooted 90 times. Victims were then instructed to send a check to a specified address.

In a nutshell, that is still the general concept behind ransomware today. Popp did indeed unleash a cyber Trojan Horse that led to some medical and research organizations losing years of work. Today, Popp’s successors continue refining ransomware tactics, keeping us all wary of escalating attacks. In fact, ransomware attacks are up by 151% in 2021 compared to 2020. It progresses so fast that every month is a new record.

How is ransomware spread?

Those who have experienced ransomware can tell you it is frustrating. Not only are your files and data held hostage, but hackers will send “cute” messages notifying you of your time limits and the consequences should you fail to pay out. In these cases, people feel their hands are tied, panic, and pay out. They don’t know what’s in the ransomware or even what’s in their systems.

The damage control once the dust settles amounts to more than lost funds: there is no guarantee that cybercriminals will return your data or assets, and recovery is expensive and time-consuming, which only adds to the initial ransom payout. That’s why headlines estimate the cost of a ransomware attack in the ballpark of hundreds of thousands to millions.

These circumstances put CISOs and cybersecurity leaders in a constant defensive posture. They are desperate to beef up their cybersecurity initiatives and find their gaps in security. Nobody wants to be another headline for a ransomware attack or deal with the repercussions of a breach on the organization.

Here’s what to monitor on systems to avoid a ransomware attack: 

  • Phishing spam: Ransomware is generally user-initiated. Hackers know that people will respond to urgent messages from upper management or friendly faces. They hide malware in a link or a download embedded in a message. All it takes is one simple click, and the system is compromised.
  • Compromised or malicious sites: Malicious URLs also appear on compromised websites, in malvertisements, or anywhere online a user may click. Once clicked, it’s only a matter of time before the ransomware attempts to spread to the rest of the user’s machine.
  • Remote desktop protocol: RDP, VPNs, and virtual desktop infrastructures are tempting opportunities for malicious actors. The danger of these systems lies in the organization’s lack of control over outside technology use. That’s why proper remote work policies and granular monitoring of horizontal (host-to-host) traffic are essential to keep ransomware away from critical data, assets, and devices.
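As an added example that is not part of the episode or the site, here is a small Python detector for the horizontal traffic monitoring the list above calls for. It reads constructed connection-log lines and flags an internal host fanning out to many other internal hosts on SMB/RDP/WinRM ports within a short window, plus RDP sessions reaching internal hosts from outside the internal ranges; the log format, address ranges and thresholds are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

LATERAL_PORTS = {445, 3389, 5985}  # SMB, RDP, WinRM: ports used to hop between hosts
INTERNAL = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]  # assumed
LINE_RE = re.compile(r"(\S+) src=(\S+) dst=(\S+) dport=(\d+)")  # assumed log format

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def parse(lines):
    """Yield (timestamp, src, dst, dport) for each well-formed line; skip the rest."""
    for m in filter(None, map(LINE_RE.match, lines)):
        ts, src, dst, dport = m.groups()
        yield datetime.fromisoformat(ts.replace("Z", "+00:00")), src, dst, int(dport)

def detect(lines, fanout_threshold=5, window_seconds=120):
    """Return {'lateral_fanout': [...], 'external_rdp': [...]} of offending source IPs."""
    per_src = defaultdict(list)  # internal src -> [(ts, internal dst)] on lateral ports
    external_rdp = set()
    for ts, src, dst, dport in parse(lines):
        if dport == 3389 and is_internal(dst) and not is_internal(src):
            external_rdp.add(src)  # RDP on an internal host reached from outside
        elif dport in LATERAL_PORTS and is_internal(src) and is_internal(dst):
            per_src[src].append((ts, dst))
    fanout = set()
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding time window over this host's events
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            if len({d for _, d in events[start:end + 1]}) >= fanout_threshold:
                fanout.add(src)
                break
    return {"lateral_fanout": sorted(fanout), "external_rdp": sorted(external_rdp)}

# Constructed sample: one host sweeping SMB across a subnet in under a minute,
# one normal host, one RDP login from outside the internal ranges, one junk line.
SAMPLE_LOG = [
    f"2021-06-01T10:00:{s:02d}Z src=10.0.1.5 dst=10.0.2.{n} dport=445" for s, n in zip(range(0, 60, 10), range(1, 7))
] + [
    "2021-06-01T10:00:05Z src=10.0.1.9 dst=10.0.2.1 dport=445",
    "2021-06-01T10:02:00Z src=203.0.113.7 dst=10.0.1.20 dport=3389",
    "malformed line that the parser ignores",
]
```

Tune `fanout_threshold` and `window_seconds` to a baseline of normal file-server and admin traffic before alerting on them.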

Despite efforts to promote awareness and smart online behavior, ransomware continues to pose a serious risk across the threat landscape. First, cybersecurity leaders can’t control how people act online, which leaves a lot of room for error. Second, they also have to stay one step ahead of evolving cybercrime tactics.

Ransomware as a Service & the illusion of “ethical thievery”

There’s a reason ransomware is on the rise: it’s a big, lucrative business. As stated previously, ransomware attacks rose 151% from 2020 to 2021. Why? Sean says, “It doesn’t help that companies pay the ransom.” Colonial Pipeline reportedly paid out $4 million in ransom. The reason is simple: money drives motivation.

Second, it’s easier than ever for people to become ransomware hijackers. Cybercriminals don’t need much technical finesse or proficiency with the rise of Ransomware as a Service (RaaS). RaaS is a business model where the operators hire out their ransomware or recruit affiliates to deploy it. When it’s done as a service, the barrier to entry is minimal. Those involved could be anyone from people seeking “get-rich-quick” schemes to re-sellers. They create chaos and sit back and watch.

Even worse, in Sean and Dan’s estimation, are organizations like REvil that try to market RaaS as a way to make money ethically without creating social disorder. Sean points out that’s equivalent to saying, “I want to rob you, but I don’t want to shoot you.” In the end, there is nothing ethical about ransomware. You’re still robbing people at gunpoint – and they don’t believe that you’re not going to use it.

This was just the first entry in a three-part series. Check back in to catch the rest of the discussion, and get a deeper understanding of the ransomware threat.



Nichole Kelly

Vice President of Growth

Nichole Kelly brings over two decades of experience in growing organizations’ top-line and bottom-line revenue. One of the leading marketing influencers, she is the author of "How to Measure Social Media" and has traveled the world teaching marketers how to build and execute ROI-driven marketing strategies at every major marketing conference. Also an entrepreneur, Kelly was the founder of SME Digital, a digital marketing agency that was sold to Renegade Marketing.

Kelly leads an active life of service and is the founder of The Bipolar Executive blog and podcast. This project is designed to help shift the conversation around mental illness to one of mental wellness in Corporate America.

Kelly holds a Bachelor’s Degree in Business Administration with a minor in Marketing from Saint Leo University.


Chris Schroeder

Vice President of Engineering, Co-Founder

Chris Schroeder has over 25 years of experience in large complex IT environments from the Fortune 500 to the federal government. Chris has an extensive technology background in mobility, infrastructure operations, and data analytics. Schroeder is a seasoned entrepreneur and co-founder of App47 and the Vice President of Engineering and co-founder of RealOps (sold to BMC).

Chris is an active volunteer in his community coaching boys and girls lacrosse, supporting high school STEM programs, and serving on the Pastoral Council. 

Schroeder holds a Bachelor’s Degree in Computer Science from Radford University and a Master’s Degree in Technology Engineering from George Washington University.


Sean McDermott

President & CEO, Founder

Sean McDermott’s curiosity for advancing technology began at his first job as a network engineer/architect installing and managing the first private internet for the U.S. Department of Justice. At a time when the internet was just taking off, McDermott was at the forefront and has continued to be on the cutting edge of technology leading Fortune 500 companies through the dot-com bust, 9/11 and the 2008 recession. Sean has over three decades of experience working with CIOs in the Fortune 500 to trail blaze innovation and protect the IT infrastructure of the largest commercial and federal organizations in the world. 

McDermott is a mission-driven, serial entrepreneur who founded Windward Consulting Group, RealOps, Inc. (sold to BMC), App47 and RedMonocle. He is also the founder of the Windward Foundation and Alzheimer’s Caregiver Alliance, an organization dedicated to easing the burden of caregiving for individuals and families touched by Alzheimer’s disease.

McDermott is a member of the Forbes Tech Council and has been featured in Security Boulevard, TechRepublic, IT Visionaries, APM Digest, Inside BigData, DevPro Journal, IT Toolbox and more. He holds a Bachelor’s Degree in Electrical Engineering from Villanova University and a Master’s in Engineering Management from The Catholic University of America.
