Ransomware Getting Easier For Both Bad Guys & Victims

Published: 22/11/2024   Category: security




Ransomware operators can make a tidy living without much technical expertise or legwork.



Good news, everyone: it's getting easier to pay ransoms. Bad news: it's getting easier to run ransomware campaigns.
Although CryptoLocker -- the biggest, baddest ransomware of them all -- was largely taken down by the sting that disrupted the Gameover Zeus botnet in June, there are many other ransomware schemes taking its place, including CryptoWall, TorrentLocker, Simplocker, and Koler.
The infection vectors are expanding -- Koler spreads through SMS text messages and CryptoWall uses malvertising -- but email phishing messages are still the most common method of ransomware distribution. The techniques don't need to be too sophisticated, because the attacks are not targeted.
It's a numbers game, says Joram Borenstein, vice president of marketing for NICE Actimize. Ransomware is not generally being used by nation-states, he says. It's generally just used to make money.
Ben Johnson, chief security strategist for Bit9 and Carbon Black, adds that the attackers are not distinguishing between a corporate user or a home user, a rich person or a poor person. An email address is an email address, a device is a device. The more devices they infect, the more ransoms they get, the better.
Managing relationships with so many victims could be quite a lot of work -- not just infecting a system, but issuing the ransom request, accepting payment, returning or decrypting stolen files, and all the customer service communications required in between. Yet, ransomware operators don't have that problem now.
They set up these [automated] infrastructures, says Johnson, so the entire process, from infection to cash-out to decryption, might be carried out and maybe there was never a human involved.
The ransomware underground is becoming more of a business. Malware authors issue better software with regular updates. Anonymity services get wrapped into the offerings. Cash-out mechanisms are simpler. Even the ransoms themselves are simple. They identify a good price point -- one that's high enough to be worthwhile, but not so high that an average home user won't pay it -- and charge everyone the same. The logistics of operating a ransomware scheme are not too challenging anymore.
The threshold to become a cybercriminal who wants to run a ransomware campaign has been dropping, says Borenstein, both in terms of price... and the technical capabilities required.
The lower the bar gets, says Johnson, the more people who can pick up the baton and run with it.
But making things easy for the operator is only one half of the ransomware business model; the other part is to make things easy for the victims.
While Bitcoin is the main go-to currency for ransoms -- largely because of the anonymity it provides -- some criminals are providing victims with a wider variety of payment options, including PayPal, wire transfers, MoneyPak, Ukash, and paysafecard.
Johnson says that some criminals will even provide tech support to victims who have paid their ransom but have not been able to recover access to their systems and files.
On the other hand, there are some cases in which people promptly pay the ransom and never get their stuff back. Yet, both Johnson and Borenstein say that is not the norm.
If the ransomware operators don't hand over the decryption key, says Johnson, it's a macro-economic gamble on their part. If enough people pay and get nothing in return, nobody will continue paying at all.
For the most part criminals tend to keep their word, says Borenstein. However, what worries him is just because the machine or information has been decrypted, it doesn't mean that the crumbs aren't still lying around. Is that device still infected... and is that going to be used for another attack later?
