Most Ransomware's Not So Bad

Published: 22/11/2024   Category: security




Although some ransomware is getting smarter and scarier, most of it is pretty dumb, as one researcher will show at Black Hat.



While some researchers point out how ransomware is quickly growing more sophisticated, Engin Kirda says the lion's share of ransomware seen in the wild isn't so clever.
"People are making it sound like it's so bad it can't be detected," says Kirda, chief architect and co-founder of Lastline and a computer science professor at Northeastern University. "I just want to set it in perspective."
At Black Hat Las Vegas next month, in his session "Most Ransomware Isn't As Complex As You Might Think," Kirda will present his findings from looking at a broader selection of ransomware samples. He'll show what they can and can't do, and how they could be detected.
Certainly, Kirda acknowledges, there are cases when truly clever cryptoransomware confounds security forensics companies. In April, the Tewksbury, Mass. police department paid a $500 ransom to CryptoLocker operators after private information security firms, the Department of Homeland Security, and the FBI all failed to decrypt locked files (which included backups) after five days of trying.
Similarly, Kirda says that cases like the WIPALL wiper malware -- which locked the client machines at Sony Pictures Entertainment, made mysterious requests, then later wiped all the machines -- have led some people to the perception that malware is frequently used in targeted attacks.
Yet, targeted attacks aren't really the ransomware M.O. -- unlike kidnappers, ransomware operators go for volume, asking many targets for modest sums.
"Who do you make money from? You make money from normal people," Kirda says, and most ransomware is simply good enough for normal people.
Kirda says that although ransomware technology could be used for very nasty attacks, in the majority of cases, the payloads aren't actually very sophisticated. Even CryptoWall, which the FBI called the most current and significant ransomware threat targeting U.S. individuals and businesses, has different families, some of which are equipped with the most nefarious capabilities and others that aren't.
In a lot of cases, Kirda says, they don't run in kernel level; just the regular application layer. They might use encryption, but they'll use weak algorithms and poorly implement them.
"They do encryption, but they do a terrible job of it," he says.
Other ransomware doesn't even have the capabilities it claims to have; it's just bluffing, says Kirda. It might threaten that it's going to delete data that it doesn't actually have the ability to delete.
"It's more like scareware [than ransomware]," says Kirda, "but the [regular] user doesn't know that."
Kirda thinks there are better ways to stop ransomware -- ways he plans to outline in his Black Hat session.
Among these methods is behavior-based detection and watching for how files change. Of course, that requires a move up from simply signature-based anti-virus -- something that has been a tough sell even in the business world, much less the consumer world.
"Some of the technology we have right now, it's not targeted to normal users," says Kirda. He hopes behavior-based detection will make the jump to the consumer market soon, because it could make a big difference against ransomware.
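
What "watching for how files change" can look like in practice, as an added example that is not from the article or from Kirda's talk: a rewrite is treated as suspicious when the new content is near-random and the old content's structure is gone, and a process is flagged once it does this to several files. The entropy threshold, the file-signature list, the burst count and the process and file names are all assumptions chosen for illustration, and the before/after contents are assumed to come from a file-system monitor.

```python
import math
import os
from collections import Counter, defaultdict

# Assumed heuristics (not from the article): a few well-known file signatures
# and an entropy threshold close to the 8 bits/byte maximum.
MAGIC = (b"%PDF-", b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff")
HIGH_ENTROPY = 7.0   # bits per byte
BURST = 3            # suspicious rewrites by one process before alerting

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_rewrite(before: bytes, after: bytes) -> bool:
    """True when a rewrite looks like in-place encryption: the new content is
    near-random, and either entropy jumped or a known file header vanished."""
    lost_header = before.startswith(MAGIC) and not after.startswith(MAGIC)
    jumped = shannon_entropy(after) - shannon_entropy(before) > 2.0
    return shannon_entropy(after) >= HIGH_ENTROPY and (lost_header or jumped)

def flag_processes(events):
    """events: iterable of (process, path, before, after) write records.
    Returns the set of processes with at least BURST suspicious rewrites."""
    hits = defaultdict(set)
    for proc, path, before, after in events:
        if suspicious_rewrite(before, after):
            hits[proc].add(path)
    return {p for p, paths in hits.items() if len(paths) >= BURST}

def sample_events():
    """Constructed sample data: an editor saving a text file, and a process
    replacing three documents with random bytes (stand-in for ciphertext)."""
    text = b"Quarterly report draft. " * 200
    pdf = b"%PDF-1.4\n" + b"stream of ordinary page text\n" * 150
    events = [("editor.exe", "notes.txt", text, text + b"One more line.\n")]
    for name, original in (("a.pdf", pdf), ("b.pdf", pdf), ("c.txt", text)):
        events.append(("unknown.exe", name, original, os.urandom(len(original))))
    return events

if __name__ == "__main__":
    print(flag_processes(sample_events()))
```

Compressed or legitimately encrypted files are also high-entropy, which is why the check looks at the change per file and at the number of files one process touches rather than at entropy alone.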