4 Things to Know About Ransomware

Hello everyone! I am still here; I have just been busy behind the scenes for a while. I plan to write more blogs and resume the podcast soon!
I want to provide this list of things to know about ransomware as a follow-on to Scott’s piece about the Apple ransomware and the rise in prevalence of ransomware.

1. Most Ransomware is based on Cryptolocker, Cryptowall, or TorrentLocker

Unlike malware as a whole, ransomware is typically derived from one of three trojan wrappers. This means that the mode of infection is usually similar across samples and therefore easier for antivirus software to detect and disable. Unfortunately, because they are trojans, they may look useful, and the user may override the antivirus’s ‘judgement’ about the trojan and run it anyway.

2. Ransomware can be costly

Here is an example of a HOSPITAL paying $17,000 to remove ransomware. In addition to paying the $17,000 (40 bitcoin), the hospital also had to pay IT professionals and cybersecurity experts to help solve the problem. Per Ars Technica, they also had to shift to paper charting and to transmitting information via fax, which certainly added a further layer of cost in supplies and effort. It could also reduce security: data transmitted via fax and sensitive documents kept in paper form are easier to steal and copy.

3. Sometimes it is better to just pay the demanded fees

The Southern Fried Security Podcast recently did an episode about caving in to the demands of attackers and terrorists (Episode 169). In it, a discussion about compromised Comcast accounts came up just before a statement from the FBI was mentioned. An FBI employee said that it was sometimes better to just pay the ransom. Does this sharply contrast with the “non-negotiation” mentality? Certainly! Does he have a point? Yes.

Take the hospital ransomware scenario, for example. They fought the infection for 10 days while embodying the “non-negotiation” mentality. This proved costly for the reasons I discuss above. The hospital could have paid the $17,000 and used the additional funds to determine the infection vector, perform root cause analysis, and work on the measures in point 4 of this blog.

4. Ransomware infections CAN be prevented

As with anything in technology, there is no 100% solution to this aside from the power switch. While maintaining up-to-date antivirus software is a good start, the behavior and signatures may vary enough to evade detection, especially when the ransomware is coupled with a polymorphic or armored virus. As with many malware attacks, the main vector of entry circles back to the soft spot: people, the users. The lack, poor implementation, and poor measurement of security awareness programs (also discussed by the Southern Fried Security Podcast in Episode 172) is a major contributing factor in attack successes. In programs that are robust and not “once and done,” people are more aware of current threats and the proper actions to take. Bounty hunts and incentivized reporting are also tools that security management can use to enhance the program. This goes back to my philosophical debate about compliance for the sake of compliance and nothing else, which I will save for another time.

Other High-Profile Breaches:

Experian (includes T-Mobile)
Scottrade
Trump Hotels
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison
Ashley Madison (follow up)
Thanks for stopping by and reading our blog. We would appreciate it if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads it, regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Be sure to subscribe to this blog and to our Podcast.

If you have ANY Cybersecurity needs, please contact us and a member of our staff will promptly reply to your question or concern.

References

Ransomware Hits Mac Computers
Southern Fried Security Podcast
Southern Fried Security Podcast – Episode 169
Southern Fried Security Podcast – Episode 172
Ars Technica

About Joe Gray

Joe Gray is a native of East Tennessee. He joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Since leaving the Navy, Joe has lived and worked in St. Louis, MO, Richmond, VA, and Atlanta, GA. His primary experience is in the Information Assurance (IA) and Cyber Security compliance field. He has worked as a Systems Engineer, Information Systems Auditor, Senior UNIX Administrator, Information Systems Security Officer, and Director of IT Security.

Joe is pursuing his PhD in Information Technology (with a focus in Information Assurance and Security). His undergraduate and graduate degrees are also in Information Technology (with a focus in Information Assurance and Security) from Capella University, where he graduated Summa Cum Laude for both degrees and completed a Graduate Certificate in Business Intelligence. He is also a part-time (Adjunct) Faculty member at Georgia Gwinnett College.

Joe holds the (ISC)² CISSP-ISSMP, GIAC GSNA, CompTIA Security+, CompTIA Network+, and CompTIA A+ certifications. In his spare time, Joe enjoys reading news relevant to information security, blogging, bass fishing, and flying his drone in addition to tinkering with and testing scripts in R and Python.