Security Technology Executive

FEB-MAR 2018


CYBERSECURITY

The Growing Ransomware Threat and Trends

Studying the history of ransomware will help organizations better prepare for an attack

By Clyde Hewitt, CISSP, CHS

Reports of one ransomware attack after another continue to fill the news, including recent attacks on healthcare providers, suppliers, and even governments. Ransomware has grown from an obscure type of security incident just a few years ago into a major threat impacting the operations of many organizations. It is important for all organizations to look at the contributing factors and motivations behind the increase in ransomware, and then use those observations to explore ways to help slow the trend and identify methods to reduce the adverse impacts.

The motivation is money

The individuals behind ransomware attacks appear to be motivated by money. Ransomware is pure extortion, whereby the attacker takes control of a victim's valuable asset (e.g., data), encrypts it, and holds it hostage until a ransom is paid. If organizations don't pay within a specific amount of time (generally a few days), the extortionist claims he/she will delete the encryption key, which renders the data useless and prevents future decryption. Some organizations that make a business decision to pay the ransom will receive the unlock key, while others will get demands for more money, and some won't receive any response. With the exception of last summer's NotPetya ransomware attack, which was characterized as a cyberwar attack from one nation against another's economic infrastructure, ransomware attacks typically contain instructions on how to pay a ransom to recover the data.

The reason behind the rise in ransomware is complex, but there are three basic assumptions. First, it was only a few years ago when hackers primarily stole data and used that sensitive data for nefarious purposes. For example, stolen credit card numbers could be used to create counterfeit cards, then those cards could be used to purchase goods. As the credit card companies improved fraud protection, the half-life of stolen cards kept getting shorter and shorter, so their street value dropped. The credit card issuers also tightened up controls so that fraudulent use must be geographically close to where the stolen cards are located, or else it triggers extra scrutiny. This made international use of stolen credit card numbers risky, so international hackers started losing interest. While breaches of retailer credit card systems still happen, there are other ways to monetize hacks.

Second, complex hacks that involve stealing data and monetizing it increase the risk of being caught. In healthcare, for example, we used to see massive data breaches involving millions of patient records. While some of the largest breaches appear to have been orchestrated by nation-states, others were used for identity theft and fraudulent billing. Insurance companies and the government have successfully leveraged 'big data' to identify providers who profit from these activities. Consequently, criminals find it harder to avoid being caught.

Finally, one can speculate that the emergence of cryptocurrencies has only compounded the problem. The anonymity of financial payments (e.g., ransom) has paved the way for individual hackers, organized criminals, and nation-states to exfiltrate money from their victims, then spend it later without a trace. Cryptocurrencies are also used by nation-states looking to evade tighter sanctions, as the flow of cryptocurrency is thought to be untraceable.
