An interesting blog from our colleagues at Idealstor highlighting the challenge we all face re combating cyber-criminals involved in ransomware attacks. Particularly relevant to us in the UK following the recent attacks on our National Health Service:
Picture the following scenario: you have just embarked on a
well-deserved holiday to Austria with your significant other, and are
about to check into the luxurious 4-star hotel Romantik Seehotel
Jägerwirt. Minutes after checking in, you learn that you are unable to
enter your hotel room. The two of you would like to refresh yourselves
before enjoying the beautiful lakeside setting along the
Alpine Turracher Höhe Pass. It is winter and is therefore absolutely
gorgeous! Regardless, you still cannot enter your room to freshen up and
get changed. The hotel management informs you that the key card system
isn’t working and that you have been locked out of your hotel room.
What’s worse is that there’s nothing they can do about it!
With your frustrations building and your holiday experience being
ruined, you later find out that the hotel’s modern IT system has
been hacked by cyber-criminals who are holding it to ransom.
They have agreed to restore the hotel’s systems if just 1,500 EUR (1,272
GBP) in Bitcoin is paid to them.
What you may have realized by now is that the scenario being
described really did occur. It was all the more real for the furious
managing director, Christoph Brandstaetter, who told the press, “The
hotel was totally booked with 180 guests, we had no other choice.
Neither police nor insurance would help you in this case.” Hence, it was
cheaper and faster for the hotel to just pay the Bitcoin as ransom.
Once the hackers got the money, they unlocked the key registry system
and all other computers, enabling the hotel to function as normal
again. The case cost the hotel a lot of money and, perhaps more
importantly, it negatively impacted their brand’s reputation in the eyes
of their loyal customers.
This is just one of many reported cases involving ransomware. A
study performed by Symantec between April 2015 and April 2016
showed that ransomware was not only a serious threat to private
institutions and national security: end consumers were the most
affected victims, accounting for 57% of all attacks, in comparison to
enterprises at only 43%.
The breakdown by business sector of the organisations that were attacked:
- Services sector with 38% was by far the most affected
- Manufacturing at 17%
- Finance, insurance and real estate with 10% of infections
- Public administration at 10%
- Wholesale trade at 9%
- Transportation, communications and utilities at 7%
- Retail trade at 4%
- Construction with 4%
- Mining, agriculture, forestry and fishing with just 1% of infections
On an international scale, the US was the region most affected by
ransomware during the period mentioned, with 28% of all global
infections. Canada, Australia, India, Japan, Italy, the UK, Germany, the
Netherlands, and Malaysia round out the top 10. The average ransom
demand has more than doubled and is now $679, up from $294 at the end of
2015.
Cyber-criminals have introduced many new versions of ransomware that
are now being coded using different programming languages, such as
JavaScript, PHP, PowerShell, and Python. These languages are
used in an effort to evade detection by the various
security products in the market.
A series of more advanced types of ransomware have also begun to
worsen the damage done by going beyond the usual methods of locking
devices or encrypting files.
Some of these include:
- CryptXXX (Trojan.Cryptolocker.AN), which contains an enhanced feature that allows it to gather Bitcoin wallet data and send it to the attackers.
- Cerber (Trojan.Cryptolocker.AH), which is reportedly capable of adding the infected computer to a botnet which can then be used to carry out distributed denial of service (DDoS) attacks.
- Chimera (Trojan.Ransomcrypt.V), which makes an additional threat in its ransom message.
- RaaS (Ransomware-as-a-Service), which allows a larger number of cyber-criminals to acquire their own ransomware, including those with relatively low levels of expertise.
Adoption of these new techniques demonstrates how ransomware is
continuously evolving to be more threatening while remaining profitable.
Another growing phenomenon that has been witnessed with the increased
number of ransomware cases is the involvement of ‘rogue employees’ in
enterprises. Rogue employees tend to have access to sensitive information
that belongs to enterprises and could use ransomware as a threat to expose,
destroy or manipulate this sensitive information. These attacks could cost
the organisation millions of dollars in terms of operations and even impact
its reputation.
Some enterprises fail to understand how important the information
that they hold in their systems really is until they have faced a
ransomware attack themselves. These enterprises should enlist the help
of experts in the field of information security services. They can help
a business safeguard its information by engaging the correct balance of
experienced professionals and tools for a specific task. Further, the
trusted advice of such a service can be relied on to help a business
regain its operations in the event of a ransomware attack.
At Idealstor (founded in 2002 by Nezzen Systems out of Gaithersburg,
Maryland), with many years of experience in providing IT security
services to our customers, we have built a pool of highly seasoned
information security professionals. While researching and gaining
expertise on malware and ransomware related attacks for years,
Idealstor's professionals have developed the
‘Flashback Business Continuity and Disaster Recovery’ solution. This
solution not only notifies our customers of ransomware infections, but
also allows them to resume operations from a previous backup if
attacked. It enables the customer’s operations to function normally
within minutes, instead of having to deal with downtime and the
accompanying loss of productivity.
Idealstor has also diversified into cloud-based solutions such as Disaster Recovery as a Service (DRaaS). They have the tools and expertise within the cloud to keep your business data protected, to keep you operational even during a disaster, and to ensure that you have peace of mind with demonstrated recoverability. More information relating to Idealstor’s DRaaS backup and recovery products and services can be found at: http://www.idealstor.com/2017/06/25/combating-the-new-age-of-cyber-criminals-involved-in-ransomware-attacks/