Multiple Perspectives on Security

Security Journal

Subscribe to Security Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Security Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Security Journal Authors: Pat Romanski, Zakia Bouachraoui, Liz McMillan, Elizabeth White, Ravi Rajamiyer

Related Topics: Cloud Computing, Security Journal, Secure Cloud Computing

Article

Ransomware Evolution | @CloudExpo #InfoSec #DataCenter #Security

What You Should Know About Ransomware Evolution

Initially, we came across ransomware which exploited the entire system and just restricted you from interacting with your own device, later on requiring you to pay dollars if you want to go back and use your computer.

And then it started becoming obsolete because an end-user. People were asking themselves: “That is my computer, would I pay $100 for it? If I don't really have data, I’d better format my PC and start all over again.” So, that strategy – locking access to computers, started becoming obsolete.  What did the bad guys do?  They realized that the previous strategy was only good when the data that computer was holding was valuable. So they started asking ransom for the data, and that's what they're doing now.

That was the evolution. It's the same thing with the same bad people doing that, evolving over time, and then we get a situation now where the bad guys are looking at the valuable part of the computer, which is the data. And now criminals are going after the computer data. They encrypt the information. They don’t pay attention when you are reaching out to some software tools on your PC. What is important now is that you won’t have the ability to open your files. Now if you need those files, if they are important to you, send money first.

Soб it's been evolving over time. The moment when someone reinvented the whole ransomware strategy and being successful with it, then everybody else in that same black hat industry started to do the same. It moved on progressively from one to the other cyber-criminal.

Encryption is an old tool, It's just putting data into a strong box and protecting it. I get your data, your personal stuff, in my strong box and say: "Hey, I won't give you the combination, just give me the money."  Is that a bad use of a safety locker?  It probably is. Does it mean that the technology is not doing its work? No, it's doing perfectly what it's supposed to be doing. It's a misuse. It's just that the bad guy is using it his way.

If you think that this is bad for the end-user, it's much worse for the corporation because at the end of the day, corporations host a lot of very important data. Private users have family pictures on their hard disk. If they lose them, they would be pained. Five years’ worth of pictures are gone, but ordinary people are not going to pay $3,000 to get those pictures back. But in a corporation, imagine salary data, financial data кthat is completely vital. Corporations need that data. In worse case scenario, if they have no backups, they have no other recourse other than paying. They will pay any sum because it's vital for the continued survival of the company. Much more is involved in a corporate scenario than in a home scenario.

At the end of the day, ransomware is not a very technically complex kind of malware. It's more of a concern because criminals are misusing a technology that is completely normal. We do have a lot of good things going. We have traditional detection. Traditional detection is a baseline. Then we can detect anything that looks vaguely like one of previous ransomware variants, even if it's vague, we can stop it and say: "This looks suspicious, stop that right there." And, more importantly, we have web reputation services, which means that any bad link that we already know of, because it's hosted on a bad IP.

What I might suggest for every person is to maintain a strong backup master plan and strategy. You should address ransomware as any other data corruption. Just as for any possible data loss, you should have a decent backup strategy available. Should you fail to have one, then you are susceptible to data loss. What if tomorrow your light goes off and your hard disk fails? What happens? Are you going to ask for any sort of compensation from the hard disk manufacturer or from the electric company? Maybe you would, but you are still screwed because you don't have your data.

More Stories By David Balaban

David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.