Recent stories have focused on ransomware, its implications, increased usage and complexity. With the usage, this is a natural progression. The digital organized crime groups have seen the potential profits involved with this. There is a vast number of new targets coming online weekly to be phished over and over. With each breach and compromise there are new lists of contacts. This is a simple, linear algorithm. The more targets in the pool represents a larger potential number of victims, and by extension revenue.
There is a positive correlation with the number of targets and the number of attacking entities in the market. This revenue is a strong point of attraction. This also works in the inverse, as the smaller the market, the fewer number of attackers that would be in the market.
Ransomware also has been growing in complexity. This used to be a simple email with a link or attachment. The email body would have poor spelling and grammar, and most people would be able to note the email was phishing in nature. Time has provided guidance as to better methods to generate these. Now, these emails have better wording, and grammar, and there may be the links or picture, or in the better organized phishing emails an illegible PDF with a link to follow. This last option has become in use more and has become more effective.
There is also an increase in the variety of industries being attacked. This used to be predominantly professional offices, with attorneys or accountants, or manufacturers. This has recently increased with robots in the manufacturing industries being reduced to an inoperable mass of metal, until the ransom is paid and the operating system released from the ransomware.
The latest iteration with ransomware is rather creative. The attackers had targeted a city. In this case, Atlanta was attacked successfully and certain services hampered or shut down. This rather large city was attacked with SamSam. The city leaders were unsure as of March 26th if the city was going to pay the ransom or not. This same tactic was successful previously in attacking the Colorado Department of Transportation.
As long as there will be a ransom to be paid, this attack is not going to slow down. This attack is also going to continue to be successful as long as training for the employees is lacking and senior management/leadership is not willing to fix issues. The city was notified months ago of the IT system vulnerabilities that needed to be addressed and if these were not, the city systems could easily be compromised. The city’s management was given the 41 page document last summer. From the report, there are many significant and severe vulnerabilities. These had been present for so long, it became clear the leadership had become lackadaisical. There were literally thousands of vulnerabilities noted. This attack was preventable.
The follow-up issue is whether the city should pay or not. By the status of their IT system, the city probably would not have back-ups which are viable. This limits the ratio of options. The issue however is with paying, is the attackers know the system now. In theory they could re-infect this in a week and collect the fee again.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.
Share on Facebook
Share on Twitter
I'm busy working on my blog posts. Watch this space!