Ransomware
The Best Defense is a Good Offense. Don’t wait until it’s too late.


What are we talking about?

Ransomware is any type of malicious code used to hold a victim’s data hostage. The cyber criminal’s goal is to extort a ransom from the victim, usually paid in cryptocurrency, which helps hide the trail the payment takes. The increase in remote work in recent years has also helped these attacks proliferate. There have been over 200 ransomware attacks in 2021 alone. Some of the more notable attacks have affected victims including Acer, Accenture, Apple, Colonial Pipeline, Kia Motors and the Washington D.C. Metropolitan Police Department.

Ransomware becomes more prevalent every day, with cyber criminals using a wide range of techniques to compromise individuals, businesses, and governments. In 2020 the Federal Bureau of Investigation (F.B.I.) received 2,474 ransomware complaints resulting in losses of over $29,100,000 USD. That loss figure does not include estimates of lost business, time, wages, files, or equipment, or any third-party remediation services acquired by a victim. In some cases, victims do not report any loss amount publicly in order to protect their reputations, which makes the overall reported ransomware loss rate artificially low. [1]

One of the first documented cases of ransomware was the AIDS/PC Cyborg Virus in 1989. It was distributed on floppy disk and required victims to mail $189 to a post office box in Panama. The floppy was sent to a mailing list under the name AIDS Information Introductory Diskette. The payload triggered on the 90th boot of the system and encrypted the contents of the system’s C: drive.


Figure 1 – An example of the ransom demand [2]

Interestingly, the virus contained the following End User License Agreement (EULA):

If you install [this] on a microcomputer then under terms of this license you agree to pay PC Cyborg Corporation in full for the cost of leasing these programs. In the case of your breach of this license agreement, PC Cyborg reserves the right to take legal action necessary to recover any outstanding debts payable to PC Cyborg Corporation and to use program mechanisms to ensure termination of your use.

These program mechanisms will adversely affect other program applications. You are hereby advised of the most serious consequences of your failure to abide by the terms of this license agreement; your conscience may haunt you for the rest of your life and your [PC] will stop functioning normally. You are strictly prohibited from sharing [this product] with others. [3]

I guess reading EULAs might be a good idea!


How does it work?

Ransomware compromises arrive through several different attack vectors. Some of the more common vectors are:

  1. Software vulnerabilities – Security vulnerabilities in existing software can be exploited to compromise systems and deploy ransomware.
  2. Email compromises – Email accounts can be compromised through malware that both deploys ransomware and uses the compromised account to infect other users in the victim’s contacts. These attacks have been targeted at specific companies and have also been used to spam mailing lists.
  3. Remote Desktop Protocol (RDP) – RDP compromises can be accomplished by brute-forcing weak credentials or by purchasing stolen credentials on the dark web.


Attacks have only gotten more sophisticated and insidious from there. Here is an example of an attack on critical U.S. infrastructure that shows how quickly, and to what devastating economic effect, these attacks can unfold. The Colonial Pipeline moves fuel from Texas to New Jersey and supplies refined oil for gasoline, jet fuel, and home heating oil. The pipeline accounts for about 50% of the fuel required for the East Coast. On May 6th, 2021, the hacker group Darkside accessed the Colonial Pipeline network using a reused VPN password. The password itself was most likely sufficiently complex, but the fact that it was reused for another account made it vulnerable: a data breach of that secondary account is where Darkside obtained the compromised password. By May 7th, Colonial Pipeline had paid a ransom of 75 bitcoin, valued at $4.4 million USD. On May 9th, President Joe Biden declared a national emergency. It took until May 12th for Colonial to secure its network and resume service. The trickle-down effect of the attack was also devastating to the economy and to average citizens, resulting in additional millions of dollars in costs to taxpayers, shareholders, and consumers of refined oil. The price of refined oil in May of 2021 rose to its highest level in seven years, partly attributed to this ransomware attack.

New threats appear on the horizon every day. Criminal organizations are now selling ransomware as a service to other criminal enterprises. If you think switching to Software as a Service (SaaS) is costly, wait until you get the bill for Ransomware as a Service (RaaS). RaaS kits range in cost from $40 per month to several thousand a month, or a percentage of the profits, and provide features such as user reviews, forums, bundles, and 24/7 tech support.



Why do I care?

According to Cybercrime Magazine, “Ransomware will cost its victims more than $265 billion (USD) annually by 2031, Cybersecurity Ventures predicts, with a new attack (on a consumer or business) every two (2) seconds as ransomware perpetrators progressively refine their malware payloads and related extortion activities. The dollar figure is based on 30 percent year-over-year growth in damage costs over the next ten (10) years.” [4] Companies and individuals alike need to protect themselves from ransomware and know what to do if the worst happens. The cost to victims can be devastating and lead to business losses, including loss of customers and even bankruptcy.

What should I do about it?

SUMURI Professional Services can be your partner in defending against these kinds of attacks, and can help mitigate the damage in the event of an actual compromise. ALL businesses should be prepared for the increase in cybercrime in the years to come. SUMURI Professional Services works with a wide variety of clients, from small to large businesses, to help secure their future. Let us help you defend against ransomware attacks by analyzing and mapping your network to close unnecessary attack vectors; ensuring your software is patched and up to date; auditing firewalls, antivirus software, and multi-factor authentication; educating employees to help avoid common pitfalls; and implementing or updating disaster recovery plans.

Should the worst happen, our team of experts can assist with incident response, investigation, remediation, ransomware negotiation, and recovery. Our team has decades of experience in federal, state, and local law enforcement and in corporate DFIR investigations. Don’t try to go it alone; contact us today for a free consultation at 302-570-0015 or submit a request for assistance.

Reference Links:

  1. https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
  2. https://en.wikipedia.org/wiki/AIDS_(Trojan_horse)#/media/File:AIDS_DOS_Trojan.png
  3. https://en.wikipedia.org/wiki/File:AIDS_Information_Introductory_Diskette_Version_2_0_kopiera.jpg
  4. https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-250-billion-usd-by-2031/