Protect Your Data and Your Wallet
[Dateline: Safety Harbor, FL, 6-14-21] — [Alaris Threat Management Consultants is a leading provider of cyber defense for small- to medium-sized healthcare and medical practices. This article is an introduction to the current threat posed by ransomware.]
What is Ransomware?
“Ransomware” originates from two words: ransom and malware. A ransom, of course, is a price paid in exchange for a hostage; malware is a computer program intended to damage or hold hostage the device it infects. From this we can glean what a nasty piece of work ransomware is. The hostage in question is your company’s software-based infrastructure and data. Unfortunately, as with all technology, ransomware has become more advanced—and here’s how.
Nowadays, a typical ransomware attack begins under the radar. Without your knowledge, a cybercriminal will penetrate your network and start to exfiltrate your data, copying it to their own servers. In fact, your data gets used to their advantage, as they threaten to make confidential information public or sell it if you don’t pay up. Take this ransom note, generated by the ransomware service REvil, for example:
Cybercriminals don’t stop after exfiltrating your data, though. Once that’s over, they encrypt your files so that, until you pay, you don’t have access to them. That’s when ransom notes, like the one above, get sent out.
Now that they have your attention, they can initiate an attack that will bring your operations to a halt. Known as a Distributed Denial-of-Service (DDoS) attack, it harnesses the power of multiple infected computers to disrupt your external and, if they can, internal operations. All of this setup feeds the current and most common method used by ransomware operators: triple extortion. If you don’t pay to have the ransomware removed, then:
1. Your confidential data will be publicly released or sold.
2. Your files will remain encrypted, meaning most, if not all, your data will become inaccessible.
3. The DDoS attack will continue, forcing your operations offline or shutting them down entirely.
Ransomware as a Service
You may have noticed that the ransom note above came from a ransomware service—not an individual, a service. Contemporary ransomware is, by and large, a joint venture. Ransomware as a Service (RaaS) has become popular and profitable for both the supplier and consumer. They operate using anything from a monthly subscription fee to pure profit sharing. An RaaS user logs into a portal, enters the specifics of the malware they wish to generate, then clicks “submit.” It’s as simple as that.
Users even have access to support, communities, documentation, updates… all of which you would find in a legitimate software service. And that’s just it—ransomware services look and act like legitimate software, fully supporting their userbases, because they want to guarantee they exfiltrate your data and receive a ransom payment. This consumer-first approach has bolstered the burgeoning RaaS ecosystem.
Ransomware has become extremely lucrative for organized crime. It is estimated that ransomware generated $20 billion in revenue in 2020, a figure that is up 70% from 2019. With that kind of profit at stake, the bad guys are not going to go away quickly or easily.
Prevent or Lament
Still feel safe? Certainly, these scammers have bigger fish to fry and wouldn’t target your business, right? The unfortunate truth is that many RaaS users choose their target based on one criterion: vulnerability. If your IP is vulnerable, or if you have not properly trained your employees in cyber awareness, you are a target. The only good defense against ransomware is preparation. There is no single silver bullet that will protect you from attack. Proper preparation requires management attention and policies, combined with tools to detect and combat the threat.
Ensuring that ransomware never roots its way into your infrastructure is the only surefire way of avoiding damage, as obvious as it seems. Otherwise, purging ransomware is difficult and costly, an ordeal so frustrating that you might just give (and pay) up.
Information on the Authors:
David Grootwassink (BSCS, MBA, PMP) has over 30 years of experience in communications technologies, security, and identity management. He started out spending 6 years as an Air Force officer involved in signals intelligence and electronic warfare, functionally a red team operating for keeps on a global basis. Among the many awards received during his service, the most important was being decorated as the “Outstanding Contributor to Tactical Air Intelligence” during operations Desert Shield/Desert Storm.
After leaving the service, David led several identity management projects utilizing various forms of biometric identification.
Shifting into the communications industry, he developed many products for communications companies such as GTE, BellSouth International, and Illuminet. Finally, he melded communications and security together in both a blue team and red team stance for VeriSign and Yaana Technologies, where the focus became communications security, interception, and intelligence support.
David currently holds 10 patents in the areas of communications and communications security.
Adam Krouk is a rising senior at the University of Florida, College of Engineering. He has interned with Alaris for two summers, attended Mannheim University to earn his proficiency in German, and will graduate with a major in Computer Science and a minor in Mathematics.