4 Things to Know About Ransomware
Hello everyone! I am still here, I have just been busy behind the scenes for a while. I plan to write more blogs and resume the podcast soon!
I want to provide this list of things to know about Ransomware as a follow on to Scott’s piece about the Apple Ransomware and the rise to prevalence of Ransomware.
1. Most Ransomware is based on Cryptolocker, Cryptowall, or TorrentLocker
Unlike malware as a whole, Ransomware typically is sourced from one of three trojan wrappers. This means that the mode of infection is typically similar and easier for antivirus software to detect and disable. Unfortunately, because they are trojans, they may look useful and the user may override the ‘judgement’ of the trojan.
2. Ransomware can be costly
Here is an example of a HOSPITAL paying $17,000 to remove Ransomware. In addition to paying the $17,000 or 40 bitcoin, the hospital also had to pay IT professionals and cybersecurity experts to help solve the problem. Per Ars Technica, they also had to shift to paper charting and transmission of information via fax, which certainly added an additional layer of cost via supplies and effort. This could also reduce security in transmission of data via fax and the ability for theft and replication of sensitive documents in paper form.
3. Sometimes it is better to just pay the demanded fees
The Southern Fried Security Podcast recently did an episode about caving into the demands of attackers and terrorists (Episode 169). In it, a discussion about compromised Comcast accounts came about just before a statement from FBI was mentioned. An employee of the FBI said that it was sometimes better to just pay the ransom. Does this sharply contrast the “non-negotiation” mentality? Certainly! Does he have a point? Yes.
Take the hospital ransomware scenario for example. They fought the infection for 10 days while embodying the “non-negotiation” mentality. This proved costly for reasons that I discuss above. The hospital could’ve paid the $17,000 and used the additional funds to determine the vector of infection, perform root cause analysis, and working on Section #4 of this blog.
4. Ransomware infections CAN be prevented
As with anything in technology, there is not a 100% solution to this aside from the power switch/button. While maintaining up to date antivirus software is a good start, the behavior and signatures may vary enough to evade detection – especially if coupled in with a polymorphic or armored virus. As with many malware attacks, the main vector of entry circles back to the soft spot: people – the users. The lack, poor implementation, and poor measurement of security awareness programs (also discussed by Southern Fried Security Podcast – Episode 172) is a major contributing factor in attack successes. In programs that are robust and not “once and done,” people are more aware of current threats and the proper actions. Bounty hunts and incentivized reporting are also tools that security management can use to help enhance the program. This goes back my philosophical debate of compliance for the sake of compliance and nothing else, which I will save for another time.
Other High Profile Breaches:
Experian (includes T-Mobile)
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison (follow up)
Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
Be sure to subscribe to this blog and to our Podcast.
If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.