Last year, ransomware became a $1 billion industry. If ransomware were a traditional, legitimate industry, it would be the focus of case studies for business schools at colleges and universities across the world. Its exponential growth has been unprecedented, and its nefarious means of encrypting one’s data files to garner ransom has captured the headlines of newspapers, journals, blog sites, and news channels. One billion dollars brings a lot of attention and puts anything in the spotlight.
One billion dollars also attracts a great deal of innovation, investment money, and opportunity-seeking individuals. As ransomware brings in corporate-like income, it is also becoming corporately structured. In the last six months, Ransomware as a Service (RaaS) was unveiled, through which every Tom, Dick, and Harry with a little bit of cyber knowledge and a lack of scruples can download a ransomware kit. These do-it-yourself packages include wizards that guide the buyer through the process of creating a ransomware package. These packages can be purchased for as little as $40. RaaS is highly organized and structured, much like a traditional multi-level marketing company. Distribution channels are run by a boss or kingpin and arranged in a tiered hierarchy of 10-15 affiliates per boss. According to Check Point, revenue estimates are somewhere around $280K. Revenue is shared among authors, bosses, and affiliates.
Believe it or not, ransomware developers have also put great emphasis on making their software customer-friendly. Victims are directed to a user-friendly web interface that allows easy and simple navigation to make the transaction speedy and efficient. Some even feature a chat box through which the client can converse with client service specialists who are more than happy to assist in the e-commerce transaction. Some variations, such as the recent Spora release, offer multiple packages at various price points, including a lifetime immunity offering.
The Big Day
Last Friday’s global ransomware attack should come as no surprise to anyone. We have watched from the sidelines as the ransomware industry has been bolstered by innovation and investment in order to take it to the next level. It was inevitable that something big was going to happen. Last Friday did not disappoint.
The attack involved hundreds of thousands of computers spanning more than 150 countries across the world. Unlike recent strains of ransomware, such as a Philadelphia version that is designed specifically to target healthcare organizations, this attack spared no one. Driven by a replication-seeking worm, this version of ransomware, known as WannaCry, did not discriminate.
- Operations at automotive companies such as Nissan and Renault were disrupted
- 48 hospitals in Britain were forced to turn away patients and cancel surgeries
- Infrastructure points such as power companies, natural gas and railroad operations were infected
- Thousands of Asian university students lost academic papers that may interrupt their graduation
The list goes on, and on, and on...
Two Examples of How Ransomware Continues to be Effective
The success of ransomware attacks can be attributed to a natural human trait, one that tends to repeatedly get us in trouble – apathy. Despite the headlines of the past fifteen months, individuals and organizations continue to look at ransomware as a foreboding, ominous event that will not happen to them. This attitude is prevalent within the afflicted victims of Friday’s attack. A sterling example is the fact that:
- The primary delivery system of the WannaCry attack was an email that carried a zip file attachment, which hosted the malware.
Sadly, this email naivety is not a one-time occurrence. According to Verizon’s 2017 Data Breach Investigations Report, 1 in 14 users were tricked into clicking a link or opening an attachment. Of those, 25% were duped more than once. It is obvious that end user education is sorely needed today. As a famed security blogger and former Washington Times reporter states, “The people behind the keyboards are your weakest endpoints.” He goes on to say that companies need to invest time and resources into end user education, yet even then, there will always be some people who click anything.
While it is easy to blame the users within our organizations, the alarming aspect of Friday’s attack is that:
- The attack could have been alleviated by the simple practice of software patching and decommissioning.
The WannaCry worm is designed to exploit a flaw within the Windows operating system. IT teams that update their machines on a regular basis were not affected. The attack showed us the surprising fact that so many organizations are still running Windows XP, a much-outdated operating system that is no longer supported. Poor patching practices, as well as the continued use of unsupported operating systems and applications, leave an organization greatly exposed to both malware attacks and data breaches.
Next Steps: In our next blog, we will look at the proven ways to prevent ransomware attacks from infiltrating your network and performing their malicious function. In the meantime, look at this tech brief, “Using Network Segmentation to Manage Malware and Ransomware Risks.”