The Evolution of Ransomware Distribution

The ransomware industry is exploding, an unearthed pot of gold for cyber attackers. Almost every day one can find a story or an article about a newly reported ransomware attack. For cybercriminals, ransomware is a lucrative prospect, easily accessible and with relatively low risk. By the same token, it is a hellish nightmare for CEOs: offline networks, lost productivity and other bureaucratic fallout.

The basics of ransomware are simple to grasp. It is a type of malware which blocks a user’s access to their personal files, data, and information until a ransom payment is sent to the perpetrators. Increasingly turning into a business industry, ransomware has ranked at the top of the list for many of the renowned tech and cybersecurity giants, including Symantec, Forcepoint, and Dell. Like any industry, it has its customers, its competitors and the final objective of turning a profit. There are market shares to be won and customers to lure in. For the foreseeable future, ransomware is here to stay, but that is not to say that you cannot protect yourself against it.

Evolution of the Ransomware Industry and Notable Cases

As mentioned above, cybercrime is rapidly morphing into a business sector, in a similar manner to legitimate industries. Cybercriminals have diversified their criminal and malicious activities, segmented their markets, and capitalised on customer service to increase business.

Ransomware cybercriminals tend to operate with Bitcoin, and payment is generally requested in cryptocurrency. For ordinary folk, this complicates matters: most of them have never come into contact with the concept of a real digital currency, unregulated by international banks, much less operated their finances with cryptocurrency. Hence, it has become common for cybercriminals to provide a step-by-step instruction manual to walk victims through the process. The better the customer service, the higher the likelihood of victims paying up their ransoms.

The crippling WannaCry ransomware outbreak left more than 300,000 computers worldwide compromised in its aftermath. A new variant of the Dharma crypto-family, the .cesar file virus, has been making the rounds lately. This Dharma variant does not differ much from its predecessors in how it infects a user’s device. Nonetheless, one major difference stands out: Cesar has been uploaded as RaaS (Ransomware as a Service) in the depths of the deep web marketplace. In essence, the Cesar ransomware can be bundled into any file or program and deployed by anyone seeking to engage in cyberattacks.

Following the unprecedented attacks, businesses large and small alike reached a consensus: their infrastructure ought to be future-proof and protected. A recent survey suggests that in some of the most advanced world economies, such as Germany, the UK, the US and Australia, a quarter of all business leaders added cybersecurity to the top of their agendas in response to the WannaCry attack.

The cyber world is a volatile and uncertain place, which is why companies and individuals alike must take precautions to protect themselves in the face of ransomware attacks. Data is precious and for many it ought to be kept secure and protected. Just eight weeks after the last ransomware attack on such an immense worldwide scale, a different threat emerged yet again: the Petya, or NotPetya, ransomware hit global systems. The new strain of the Petya family was intended for and used to contaminate Ukraine’s international airport and central bank, going to lengths some may find alarmingly extreme, such as infecting the Chernobyl nuclear facility. The ransomware continued its mission and went on to contaminate systems across the world. Some experts even go as far as arguing that NotPetya could be more lethal than WannaCry itself.

Traditional antivirus techniques have become obsolete nowadays. Thirty years ago, brand new Windows applications and programs appeared at an average rate of around one new piece of software per month. Evidently that is no longer the case, with over 10 million malicious applications being developed annually.

The worm capabilities of NotPetya, compared to the WannaCry ransomware, have been significantly bolstered, meaning NotPetya is able to flood infected networks at quite extraordinary speed. Leaving one device unprotected could compromise the entire network. To illustrate the extent to which ransomware can evolve, some of Microsoft’s most experienced and talented researchers report that NotPetya uses multiple ‘lateral movement’ strategies, meaning that it is able to cross network borders via basic file shares, all while also displaying ‘trojan-like’ abilities to hijack vital information and data.

While researchers state that phishing emails and watering hole attacks are among the main methods of distributing malware to users and businesses alike, it is also plausible that infections were spread via the software update system of the Ukrainian tax accounting package MeDoc. The protection method most commonly employed against cyber-attacks, currently labelled interrogative virus analysis, which closely and rigorously inspects code that may seem suspicious, is not entirely up to par against ever-evolving malicious programming and the threats resulting from it.

Why Do We Fall Victim to Ransomware, and How Can the Effects Be Mitigated?

So why do so many users and businesses get infected with ransomware? As patronizing as it may sound, the answer is clear-cut: adequate protection is not being prioritized and is not installed on their systems.

RaaS (Ransomware as a Service) is a way for inexperienced cybercriminals to obtain the services of another hacker via the dark web. It is easy to operate and distribute. Ransomware has become accessible, and has proven its efficiency in generating large-scale profits worldwide. Major attacks on hospitals, financial institutions, and electricity and water providers have made ransomware a lucrative business on a mass scale. Hence, cybercriminals are able to tailor attacks to their own needs and target more businesses, which are likely to pay heftier sums of money than ordinary users.

Although ransomware attacks are becoming ever more sophisticated and prevalent, users and businesses can still take steps to ameliorate the effects in the event of an infection. There are rare cases in which the ransomware’s encryption keys have been broken, and the generally accepted binary choice of either paying the ransom or losing your data avoided. In 2014 researchers were able to recover the keys for the Cryptolocker malware and distributed them to those affected. More recently, in the case of the Petya ransomware, which encrypts a device’s boot record, rendering the device unable to start, an application developer managed to crack the malware’s password and provide users with decryption keys.

For users and businesses alike, assuming that a solution will already be in place for when and if an infection occurs is not the ideal approach to dealing with ransomware. Instead, it is recommended that all data be securely backed up; in addition, companies are strongly advised to use application whitelisting and to keep all software patches and antivirus definitions up to date. Restricting company users’ network access and their ability to install arbitrary programs, which could potentially be malicious, is also recommended by experts.

Most certainly we could apply economic principles in this case and argue that the low-cost, low-risk and high-reward nature of establishing a successful ransomware scheme will inevitably see cybercriminals increasingly venturing into malicious endeavours of the ransomware sort. More specifically, with increased consumer choice in the likes of RaaS (Ransomware as a Service), entering the cybercriminal market is easier than ever.

Kristian Iliev

Author Bio: Kristian Iliev is a second year student at The University of Edinburgh studying Social Anthropology and Social Policy. Avid enthusiast of cybersecurity, software, and anything to do with IT, films and filmmaking, as well as the insides of any watch she can get her hands on. Passionate about politics and the current state of affairs. Books and education are a prerequisite for self-actualization and a healthy lifestyle.

Kristian Iliev is a guest blogger, all opinions are his own.

The post The Evolution of Ransomware Distribution appeared first on CCSI.

This is a Security Bloggers Network syndicated blog post authored by Guest Author. Read the original post at: CCSI