
Cyber criminals are businessmen nowadays. And they’re good at it too.

They make millions from creating and deploying malicious software on targeted devices from all over the world.

Their income sources are diverse and well planned:

  • making, selling or renting malware and exploit kits
  • building affiliate marketing schemes to grow their malware distribution
  • extorting both big, rich targets and a large number of smaller, not so rich targets that can still pay to rescue their data
  • automating attacks against targets known to be vulnerable
  • socially engineering everyone and anyone who falls prey to their ill-willed tactics.

In order to conduct a lucrative business, a businessman must know the market inside out. While they may not have gone to business school, cybercriminals have what they call “street smarts”. They’re resourceful and agile. And they know one thing very well:

Market knowledge = leverage

Besides uncovering your company’s vulnerabilities, malicious hackers know full well what the core issues in the IT sector are nowadays:

  • Insufficient resources for cyber security (money, time constraints, human resources shortage)
  • Untrained employees who can easily fall prey to social engineering
  • The disconnect between cyber security spending and what’s actually implemented in the organization
  • The fact that business goals almost always prevail in the management’s agenda (see the Yahoo data breach case, which took 2 years to become public knowledge)
  • Wildly complex infrastructures which create countless security holes and are riddled with vulnerabilities
  • Difficulties in updating hardware and software in big companies and public institutions.

And these are just the top hurdles that cyber security professionals and the organizations they work in face today.

How many of these challenges are you facing in your own organization?

Just think about that. (And know that you’re not alone in this.)

Narrowing the funnel

The malware economy is nothing new, but the increasing level of sophistication in cyberattacks is definitely a concern for all organizations, no matter their niche or size.

This underground market has matured and developed into a threat that affects us all. And ransomware is the most feared of all the cyber threats out there.

The FBI reported that, in the first 3 months of 2016, cybercriminals extorted $209 million from businesses and institutions that weren’t prepared to fight it off. With 2016 coming to a close, we can expect that money paid to unlock encrypted data will amount to $1 billion!

So far, cyber attackers have often used the “spray & pray” tactic, indiscriminately going after Internet users and their devices. But in 2016 we’ve seen ransomware attacks becoming more targeted.

[Figure: ransomware targets by category, 2016]

Source: ISTR Special Report: Ransomware and Businesses in 2016

Having learnt from past experiments, blackhat hackers are now showcasing their level of expertise. They create organization-specific payloads and ransomware that encrypts databases, to make it even more difficult for victims to ensure business continuity. They also use ransomware to access the infected devices remotely and to download and execute additional malware, which can exfiltrate company data (financial information, sensitive documents, etc.). These attacks are designed to force companies to pay the ransom instead of resorting to other safeguards.

We can surely assume that the list of “innovations” won’t end here. Cybercriminals have found their golden goose (encrypting malware) and they’re going to exploit it as much as they can.

“Pay up or we’ll breach your data and you’ll have to pay a HUGE fine!”

Your organization’s data is a bargaining chip in cyberattacks. That’s because it’s not just your data, but your clients’ data as well. IT criminals know this full well.

In every ransomware attack, there’s a big dose of social engineering. We can expect attackers to include legal consequences into their extortion techniques.

Just like DDoS attacks use a looming threat to hustle money from organizations, ransomware attacks could start doing the same.

Encrypting just a part of the company’s assets could be used as proof of concept.

We can encrypt your entire database if you don’t pay up. And you’ll be at risk of long-lasting legal and financial consequences as well.

This argument might force the right hands to buckle under the pressure and just pay the ransom for fear of something worse happening.

Ransomware creators know that you, as business owner/CEO/CTO/CSO/CISO, are responsible for keeping the customers’ personal data safe from harm. If you fail to do so, the EU General Data Protection Regulation (GDPR) stipulates at least 3 serious legal and financial effects:

  1. You’ll have to report the data breach immediately to the responsible institutions
  2. Your company can become subject to a class action lawsuit orchestrated by your customers (whose data you exposed)
  3. You’ll become liable to fines up to 20 million euros or up to 4% of your company’s annual worldwide turnover of the preceding financial year, whichever is greater.

Moreover, being a cybercrime victim will also bring on regular periodic data protection audits, which will increase the burden on your company.

These strong sanctions were introduced in the EU GDPR to urge companies to invest in their cyber security and take practical steps towards better data protection. The regulation is coming into full effect in 2018, so there is no time to waste.

For many companies, the pressure of a potential fine worth millions of euros may be too much. As a result, they may be tempted to pay the ransom and not report the attack rather than run the risks of exposure.


Of course, paying the ransom doesn’t guarantee that more attacks won’t follow. It also doesn’t assure you that you’ll actually get the encrypted data back.

We’ve already made a list of the available ransomware decryption tools out there, but the strongest and most dangerous encrypting malware families are still unbreakable (Locky, CryptoLocker, Cerber, etc.).

The solution?

Outpace cybercriminals with a proactive approach to your company’s cyber security. It will help you drastically reduce your exposure to cyberattacks, while mitigating risks and proving to EU institutions that you’re responsibly working on improving your defenses.


Comments

@BaliBob
1) banks and financiers did not create bitcoin, so they cannot uncreate it. As an aside, banks generally hate bitcoin, because it threatens their business model
2) There are hundreds of cryptocurrencies. If bitcoin was banned, other currencies would be used. Indeed bitcoin wasn’t built to be truly anonymous. Other newer cryptocurrencies are 100% anonymous

Valuable advice, thank you as always.

Thank you for the kind feedback and for being a loyal reader!

Without the existence of Bitcoin, ransomware could not exist. When it first appeared I pressed for immediate action for it to be banned – pooh-pooh was the reaction from banks and financiers alike. Now look what has come home to roost.

It is true that Bitcoin played a key role in this. However, we have to figure out what we can do now, because there’s no way to erase what has been done.

Ransomware has existed since the late 80s (the AIDS malware). It was originally spreading through floppy disks (remember those?) and you would have to pay via Western Union. Bitcoin has merely facilitated something already existing, and the criminals would have resorted to various payment schemes (as they always have done) even if Bitcoin did not exist.
