One billion dollars also attracts a great deal of innovation, investment money, and opportunity-seeking individuals. As ransomware brings in corporate-like income, it is also becoming corporately structured. In the last six months, Ransomware as a Service (RaaS) was unveiled, through which every Tom, Dick, and Harry with a little bit of cyber knowledge and a lack of scruples can download a ransomware kit. These do-it-yourself packages include wizards that guide the buyer through the process of creating a ransomware package, and they can be purchased for as little as $40. RaaS is highly organized and structured, much like a traditional multi-level marketing company. Distribution channels are organized by a boss or kingpin in a tiered hierarchy of 10-15 affiliates per boss. According to Check Point, revenue estimates are somewhere around $280K. Revenue is shared among authors, bosses, and affiliates.
Believe it or not, ransomware developers have also put great emphasis on making their software customer friendly. Victims are directed to a user-friendly web interface that allows easy and simple navigation to make the transaction speedy and efficient. Some even feature a chat box through which the client can converse with client service specialists who are more than happy to assist in the e-commerce transaction. Some variations, such as the recent Spora release, offer multiple packages at various price points, including a lifetime immunity offering.
The Big Day
Last Friday’s global ransomware attack should come as no surprise to anyone. We have watched from the sidelines as the ransomware industry has been bolstered by innovation and investment in order to take it to the next level. Something big was bound to happen, and last Friday did not disappoint.
The attack involved hundreds of thousands of computers spanning more than 150 countries across the world. Unlike recent strains of ransomware, such as a Philadelphia version that is designed to specifically target healthcare organizations, this attack spared no one. Driven by a replication-seeking worm, this version of ransomware, known as WannaCry, did not discriminate.
The list goes on, and on, and on. . .
Two Examples of How Ransomware Continues to be Effective
The success of ransomware attacks can be attributed to a natural human trait, one that tends to repeatedly get us in trouble: apathy. Despite the headlines of the past fifteen months, individuals and organizations continue to look at ransomware as a foreboding, ominous event that will not happen to them. This attitude is prevalent among the victims of Friday’s attack. A sterling example is the fact that:
Sadly, this email naivety is not a one-time occurrence. According to Verizon’s 2017 Data Breach Investigations Report, 1 in 14 users were tricked into clicking a link or opening an attachment. Of those, 25% were duped more than once. It is obvious that end user education is sorely needed today. As famed security blogger and former Washington Times reporter states, “The people behind the keyboards are your weakest endpoints.” He goes on to say that companies need to invest time and resources into end user education, yet even then, there will always be some people who click anything.
While it is easy to blame the users within our organizations, the alarming aspect of Friday’s attack is that:
The WannaCry worm is designed to exploit a flaw within the Windows operating system. IT teams that update their machines promptly and regularly were not affected. The attack showed us the surprising fact that so many organizations are still running Windows XP, a long-outdated operating system that is no longer supported. Poor patching practices, as well as the continued use of unsupported operating systems and applications, leave an organization greatly exposed to both malware attacks and data breaches.
Next Steps: In our next blog, we will look at proven ways to prevent ransomware attacks from infiltrating your network and performing their malicious function. In the meantime, look at this tech brief, “Using Network Segmentation to Manage Malware and Ransomware Risks.”