Crime will pay for criminals using ransomware: security execs say
Bitcoin's anonymous nature makes it the perfect currency for criminals.
The ongoing spike in ransomware attacks and the payouts that followed over the last year shows no signs of abating, with the FBI expecting a large uptick in the number of attacks in 2016 and infosec executives predicting ransom payments could become a run-of-the-mill business expense.
Chris Stangl, a section chief at the FBI's Cyber Division, told the Wall Street Journal that the bureau's data for 2015 showed 2,453 reported ransomware attacks that cost the victims $24.1 million. The FBI changed its data collection method during 2014, so a direct year-over-year comparison is not possible, but for the last nine months of 2014, when the same methodology was used, the number of attacks was higher, 1,838, costing $23.8 million.
“We agree with the FBI opinion that ransomware is one of the most active trends in the cybercriminal world, as it has a direct and profitable commercialization model – in some cases, without any significant costs, as most victims have a pretty insecure IT environment,” InfoArmor Chief Intelligence Officer Andrew Komarov told SCMagazine.com in an email.
One reason ransomware is not going away is that it is the quickest and safest way for cybercriminals to monetize their illegal activity, said Travis Smith, Tripwire's senior security researcher, in an email to SCMagazine.com.
“Reselling data can be highly profitable for cyber criminals, but requires expertise in both selling data, fraudulent activities, and/or the ability to sell on the black market. All of these are risky and increase the likelihood of the attacker getting caught,” Smith said in an email to SCMagazine.
The other piece of the puzzle that will help make ransomware the preferred choice for criminals is the availability of anonymous digital currency like Bitcoin. Bitcoin not only allows the bad guys to remain in the shadows, and thus safe from the prying eyes of the police, but it is also easily accessible to the average person or company, Smith said.
This may be one reason why a number of high-profile ransomware victims, like Hollywood Presbyterian Medical Center, have opted to pay the ransom. Not only is paying the fastest way for a victim to get its systems back online, but the operation to send the money is simple.
“For businesses, paying the ransom becomes a business decision on which plan of action is more cost effective; paying the ransom or restoring data from backup,” Smith said.
However, why potential victims do not back up their data, which would negate the need to pay for its release, caused some execs to scratch their heads.
Adam Laub, STEALTHbits Technologies senior vice president for product marketing, said regularly backing up data is all that needs to be done to be protected.
“Routine backups of data, cyber insurance policies, and adoption of known best practices such as the clean-up and consolidation of sensitive data assets further mitigate the actual damage that can be done in even the most successful ransomware attacks,” Laub wrote to SCMagazine.com in an email.
He also encouraged a proactive approach, saying signature-based detection and prevention capabilities are excellent for catching known versions of ransomware, and newer techniques using pattern- and behavior-based activity detection are highly effective at finding what has gotten by the first line of defense.
While erecting taller and thicker walls is a good idea, the bad guys are also not standing still. InfoArmor's Komarov said his company has spotted criminals starting to use a Ransomware-as-a-Service approach, in which several groups work together to distribute malware and in return receive a cut of the payment.
“Such an approach may restructure the current ransomware market and create a large, new number of underground affiliate programs, increasing the number of new infections,” he said.