Page 68 - Cyber Warnings







When It Comes to Ransomware Pay Now

By Carolyn Crandall, CMO Attivo Networks



Ransomware continues to dominate the security news cycle and the minds of most enterprise
organizations. Whether this is driven by the recent flood of Petya attacks, the previous global
WannaCry attacks or validation by recent studies such as the one by Trend Micro, which found
that new ransomware families increased by a whopping 752% in 2016, the concern is valid and
deserving of attention.


Notably, the report adds that the availability of open source ransomware and
ransomware-as-a-service (RaaS) will continue to make it easier for cybercriminals to run their
own ransomware, further fueling attacker momentum.


Poorly patched Linux servers are also being targeted, according to web-hosting company
Nayana. The South Korean company recently agreed to pay $1M in ransom after an attack that
affected 3400 customers on 153 of its servers.


While it may be a challenge for organizations to find the money for ransomware prevention, the
old adage “you can pay me now or pay me later” certainly applies here. If you can’t find the
budget for ransomware prevention now, you may ultimately have to pay more later. Hopefully,
some of the findings here can help you obtain more funding if that is what is necessary.

The Petya ransomware takes over computers and demands $300, paid in Bitcoin. Once a
computer is infected, the malicious software spreads rapidly across an organization using the
EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not
everyone has installed it) or through two Windows administrative tools.

The malware tries one option and if it doesn’t work, it tries the next one. “It has a better
mechanism for spreading itself than WannaCry,” said Ryan Kalember, of cybersecurity
company Proofpoint.


According to the researchers who found another family of ransomware, RanRan, there has
been an interesting shift in tactics. Instead of being purely financially motivated, this specific
family takes a hacktivist approach by attempting to force a Middle Eastern government
organization to make a negative public statement against their leader.

This should give everyone pause as we think of this in terms of the FBI’s current investigation
into Russian interference with the recent presidential election. However, it doesn’t mean that
attackers have changed their ultimate goal—making money.

Healthcare, of course, became the poster child for ransomware after the attack at the Hollywood
Presbyterian Medical Center in Southern California last February. In that incident, a hacker
successfully held the hospital’s computer system hostage in exchange for $17,000. But the loss



68 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
