Deceptions Everywhere ®

Insights on threat and cyber risk trends, use cases for deception technology
and strategies for combatting targeted attacks

Ransomware - Is Your Company the Next Blackmail Target?

Posted by Tom Sela on Jul 6, 2016 8:56:21 AM

Ransomware is the biggest topic in the cybersecurity community right now – but this certainly doesn’t mean it’s a new concept. Malware capable of encrypting files on infected machines has existed since 1989, but today’s cyber attacks are far more sophisticated. What was once almost exclusively a threat launched against home users has grown to affect businesses in about 13% of cases, according to Kaspersky Labs research.

When broken down to crypto-ransomware (attacks that encrypt files rather than simply block machine use), businesses are targeted in 20% of cases, and the volume of attacks is only growing.

How Do These Attacks Work? 

Understanding how ransomware works and where attackers are launching threats is more important than ever. Companies of all sizes must prepare for it to continue its rise in popularity as attackers look for quick ways to exploit businesses for large sums of money.

Here's a short video interview with Shlomo Touboul, CEO of illusive networks, that offers a brief explanation of ransomware:

Despite the fact that there are many different ransomware families, including Locky, Teslacrypt, Cryptolock, and CryptXXX, this type of threat works similarly regardless of the specific malware. 

Many of these cyber attacks begin with the human element, using social engineering to compromise a user’s machine.

This is often done with email spam campaigns as attackers try to convince users to open malicious Word document attachments or click on malicious links. When users click on these links or attachments, crypto-ransomware executes on the machine, working quickly to encrypt the valuable files attackers configure the malware to identify.

Once the files have been encrypted symmetrically, the decryption key is encrypted asymmetrically, making it impossible to unlock the valuable files without the decryption key. This is why attackers are so successful in getting victims to pay their ransoms—people are willing to pay to get their files back. 

Online banking fraud was once a far more popular way for attackers to exploit users for money, but security measures have made those attacks more trouble than they are worth.

Ransomware has risen to the forefront of the cybersecurity industry because so many companies and home users are entirely unprepared to defend themselves against attacks.

The Healthcare Industry—The Number One Target

Hospitals have become prime targets for ransomware attacks because they are generally unprepared for these kinds of threats. Instead, hospitals often focus largely on HIPAA compliance for patient privacy rather than on cyber defenses as such.

Recent research discovered that more than half of hospitals in the United States have been victims of these cyber attacks. With lives on the line, hospitals are often forced to pay the ransom to unlock patient files, which perpetuates the trend.

Here are 3 mainstream ransomware attacks that hit the healthcare industry in 2016:

  1. Hollywood Presbyterian Medical Center was forced to pay $17,000 to unlock patient records after a multi-week attack in February 2016.

  2. Methodist Hospital in Kentucky also paid $17,000 to unlock patient files in March 2016.

  3. Three Prime Healthcare hospitals were forced to shut down all internal systems for several days in March 2016 as a result of these attacks. Prime Healthcare avoided paying the ransom, but system shutdown is unacceptable for many hospitals, making it difficult to not pay attacker ransoms. 

These are just a few examples of how hackers are capitalizing on security weaknesses in the healthcare industry. 

However, healthcare organizations aren’t the only companies struggling with cyber threats — financial services are also beginning to be threatened by ransomware attacks.

Why the Financial Services Industry Can’t Ignore Ransomware 

The financial services industry has long been a key target for cyber attackers because it often offers the most direct access to monetary gain. The healthcare industry might be an easier target, but banks shouldn’t ignore the growing trends.

There haven’t been many mainstream media examples of banking ransomware attacks, but that doesn’t mean they aren’t happening. The financial services industry faces a major challenge that home user victims have never had to deal with: the need to maintain brand integrity.

One ransomware attack could cripple a bank’s reputation and lead to long-term losses, not just a one-time ransom to pay. For these companies and those in any other industry, it’s time to take a more proactive stance against ransomware.

Finding New Ways to Combat Cyber Attacks

There is a clear need for a new cybersecurity solution that mitigates the damages of ransomware. At the moment, it’s far too easy for attackers to compromise a machine and load an attack that can’t be decrypted. 

We believe that the Deceptions Everywhere® architecture can help companies defend themselves against ransomware. In the same way that deceptions flood attackers with endless streams of illusive data, the Deceptions Everywhere® technology can make the encryption process far more difficult for ransomware attackers.

Topics: Ransomware, Cyber Attacks

Written by Tom Sela

Tom Sela (Twitter: @4x6hw), Head of Security Research at Illusive Networks, specializes in reverse engineering, malware research, deception development and OS internals.
