Daily Archives: June 15, 2016

Ransomware is Growing as Cyber Crime Pays Off

Ransomware is growing and transforming and cyber criminals are taking it to the bank!

Ransomware is growing into a huge business for cyber-criminals. This business venture has a very low cost to maintain, so criminals jump in and out of the business very easily.

An analysis of phishing email campaigns from the first three months of 2016 found a 6.3 million increase over the last quarter of 2015, due primarily to a ransomware upsurge. That is a staggering 789% jump.

PhishMe’s Q1 2016 Malware Review ties the growth of ransomware to three key trends that were recorded throughout 2015 but have come to full fruition in the last few months:

  1. Encryption Ransomware
  2. Soft Targeting by Functional Area
  3. Downloader/Ransomware: the one-two combination

“Thus far in 2016, we have recorded an unprecedented rise in encryption ransomware attacks, and we see no signs of this trend abating. Individuals, small- and medium-sized businesses, hospitals, and global enterprises are all faced with the reality that this is now one of the most favored cyber-criminal enterprises,” explains Rohyt Belani, CEO and Co-Founder of PhishMe.

Rohyt continues, “Another 2015 trend that emerged into fuller fruition during the first quarter of 2016 is threat actors’ use of soft targeting in phishing. In contrast to both broad distribution and the careful targeting of one or two individuals via spear phishing emails, soft targeting focuses on a category of individuals based on their role within any organization anywhere in the world. Criminals target this subset with content relevant to their role. Such malicious emails are typically accompanied with Microsoft Office documents laden with malware or the ability to download the same.” During the first quarter, JavaScript applications even surpassed Office documents with macro scripts to become the most common malicious file type accompanying phishing emails.

However the cyber-criminals succeed in infiltrating the organization, the impact on the victimized organization is significant: it must use up scarce incident response resources on cleanup, manage a potential public relations nightmare, and in some cases even cave in to hacker demands and pay the ransom.

The latest Infoblox DNS Threat Index for Q1 2016 reports a 3,500 percent increase in ransomware domain creation quarter on quarter from 2015. “The relative cost of infrastructure is so low that it completely makes sense from the criminal’s point of view,” says Rod Rasmussen, vice president of cyber security at Infoblox.

Another factor behind ransomware’s growth is that people are paying the ransoms. Don’t mistake this as an honorable act though. According to SecureWorks senior security researcher Keith Jarvis, more than four dozen distinct families of ransomware have emerged since the start of 2015 and “generally, 0.25% to 3.0% of victims elect to pay a ransom,” Jarvis explains, “meaning attackers need to destroy data on anywhere from 30 to 400 computers for every victim who relents and pays the ransom.”

Estimating the size of the ransomware industry, we find that the largest operations are pulling in several million dollars per year, which is hardly surprising when you consider that 93% of phishing emails delivered last quarter contained ransomware.

It’s an attractive threat sector for many reasons. Number one, persistent attacks can be avoided. “Ransomware that encrypts all the data and destroys local backups before asking for a lump sum payout,” Dave Venable, VP of cyber security at Masergy told SC, “lets hackers avoid the higher costs and labor of maintaining the infrastructure of persistent attacks.”

Ransomware is popular because the malware can be monetized anonymously and quickly. “Through the use of bitcoin payment systems,” explains Gunter Ollmann, CSO at Vectra Networks, “the criminal can force the victim to pay the ransom in a monetary unit that facilitates complete anonymity and can be trivially converted to cash.” Gone are the days of requiring different and specialist criminal hands to both launder the data and anonymously monetize it.

As Ilia Kolochenko, CEO of High-Tech Bridge, concludes, “Ransomware is not a technical problem, but a business model problem: while it will remain the easiest way to extort money, it will continue skyrocketing.”