Page 62 - Cyber Defense eMagazine June 2020 Edition
they can pose as you, open credit, and even steal your money. This is why ransomware is so dangerous:
it is a prime gateway towards stealing your identity, all while convincing you to pay a ransom to keep it.
When a piece of ransomware lands on your computer and is executed, it starts restricting access to
important parts of your computer. Early on it would simply encrypt documents on your system, restricting
access to the data you need to do your job. Eventually, newer types of ransomware restricted access to
the computer itself, either by blocking access to your desktop or rebooting your computer into a locked
state. Lately, some pieces of ransomware also copy your important data off your computer.
In all cases a message is flashed on the screen instructing you to pay a ransom in some sort of
cryptocurrency.
In the first wave of ransomware (2016-2017), the model was
to ask for a small ransom, sometimes as low as $100, while
infecting as many people as possible. Starting in 2019,
ransomware’s second wave shifted its operating model.
Instead of widespread infection, newer campaigns started
targeting specific companies. Attackers worked for weeks or
months to get access to a specific company and would
deploy the ransomware on many internal computers once
they got access. The ransoms for these attacks grew to
thousands of dollars. The increase in ransom becomes viable
because the ransomware scare has increased the demand
for cyber insurance. If a ransomware event happens to a victim with cyber insurance, the insurance
company will assist in recouping the ransom paid. This means the victim is more likely to pay the
ransom.
As if all of this weren't bad enough, in January 2020 the
Maze ransomware campaign made a major escalation. In
addition to restricting access to the computer and/or
documents, this ransomware transmitted some of that data
off the computer to some sort of command and control
system. This bridges ransomware into the other major
business model of cybercrime, selling stolen data. Until
2016 the major source of revenue for cyber criminals was to
sell the data they stole to anyone willing to pay. Put it all
together and attackers can now turn hacked access to a
company into two separate revenue streams.
What's even more worrisome about these new ransomware
campaigns is that victims now must assume the
ransomware can and will transmit their confidential data over
the internet. These incidents suddenly fall into the realm of
mandatory data loss laws in California and Europe. The
burden suddenly doubles on the victim, since they were
ultimately responsible for safely storing personal data.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.