By Charles van der Walt, Head of Security Research, Orange Cyberdefense
It seems that hardly a day goes by without ransomware making the headlines. There have been a number of incidents in recent years. One of the most famous affected up to 1,500 companies around the world in a ransomware attack centered on US IT company Kaseya. Companies around the world had critical files locked on their computer networks as a result of the attack. The hackers reportedly demanded $70 million in bitcoin, and Kaseya has to date refused to say whether any extortion payment was made.
Cryptocurrency plays a central role in all major ransomware attacks. The rise of Bitcoin and other cryptocurrencies has made ransomware one of the most profitable business models in cybercriminals’ arsenal. Bitcoin was exactly the shot in the arm that the ransomware industry needed. It is a safe, cheap and reliable means of payment with a high level of anonymity.
Hackers only need to monitor the public blockchain to find out if and when their target paid. They can also create a unique payment address for each victim and have the locked files automatically released upon confirmation of payment.
The threat and consequences of ransomware attacks are now well understood by many people, and the problem doesn’t look like going away. So what can be done to mitigate the potential impact?
First, it must be understood how easy it is for criminals to gain access to IT systems. Take the example of WannaCry, a global attack that targeted the Microsoft Windows operating system and infected hundreds of thousands of computers in more than 150 countries in a matter of hours. Although Microsoft released a critical patch a month before the original attack, there were still many Windows users with unpatched systems. Patching is a seemingly simple and routine action, but for whatever reason the patches were not applied, and the resulting attack was potentially catastrophic.
There is no one-size-fits-all solution to beating cybercriminals, but starting with the basics is crucial. Anyone with a network needs to conduct a thorough review of the organizational processes and procedures surrounding security, both from a technological and human perspective. Ensure a high level of cyber hygiene with advanced antivirus protection, tight network filtering, careful user rights management and timely software patching. Business continuity plans should always include an offline backup of all data so that no payment is required to get it back. Identify all potential risks, address them, and never assume you won’t be a target.
A crucial step, though it sounds miles away from a solution for ransomware, is to start using the right terminology for such crimes. It's not just ransomware that's powering crypto's tremendous growth, but cyber-extortion (Cy-X) in general. It may sound semantic, but ransomware is, of course, a very specific use of malware to hijack a computer or network and extort money for its safe return. What we're watching, what we call Cy-X, isn't just about patches and antivirus; it's a criminal business model in which security is compromised and an asset is stolen and held captive until a ransom is paid. This opportunistic and malicious crime requires a systemic and almost psychological response.
Looking at Cy-X as a whole and not just ransomware, you see a whole swarm of extortion-based, crypto-powered cybercrimes that will require a consistent and methodical response from all of us in the industry. We need to minimize the victims' attack surface, ensure they adopt best-practice behaviors and expose fewer valuable resources online. Then we need to demotivate the responsible offenders, be it the initial access broker, their affiliates or operators, and have a concerted law enforcement response to minimize the flow of money from victim to offender. Finally, we need to educate the wider community about constant vigilance: a community-led approach is needed to contain the problem of cyber extortion.
Ultimately, ransomware, cyber extortion and the like are infections and can only be controlled if everyone does their part to ensure their security is as good as possible. The market conditions for ransomware, the availability of cryptocurrency, and the head-in-the-sand approach of many organizations have created a fertile environment. We must all work together to prevent further growth.