Our recent #trendsider twitter chat focused on ransomware. If you haven’t heard about ransomware yet, the odds are good that you will soon. This is major growth area for cybercriminals.
Ransomware variants continue to pop up, each a bit more vicious than the last. Security tools continue to block and prevent ransomware, criminals continue to evolve and invest in their tools creating another cybercrime arms race.
Kicking off the chat, Fernando Montenegro came up with an excellent definition for the problem:
@marknca @andrewsmhay @HassanR56 I argue it’s a recombination of existing ecosystem tailored to maximize revenue from compromised systems.
— Fernando Montenegro (@fsmontenegro) October 11, 2016
For me, Fernando’s definition really hits home because ransomware is all about the economics. This is a very direct method of making money for criminals. The bar continues to get lower and lower for criminals to start a ransomware campaign. Sadly, the cost for users continues to rise.
Our second question of the day looked at that cost as we asked if people were seeing ransomware active in their industry. Andrew Hay, CISO at Data Gravity, cut to the heart of the matter with this response;
@marknca why compromise the data on the work laptop when you can, instead, attack the home PC…that has the same work data #Trendsider 😛
— Andrew Hay (@andrewsmhay) October 11, 2016
This means that everyone is a potential target and this mirrors the activity we’ve been tracking. A lot of ransomware campaigns are broadly aimed as criminals are looking for any target they can reach. Today, these attacks are more opportunistic but that’s going to change.
(a3) this is THE growth area for #cybercrime. minimal investment, solid return, almost no risk #trensider https://t.co/LU7X2v1bIM
— Mark Nunnikhoven (@marknca) October 11, 2016
There is simply too much money involved in ransomware. Criminals are going to expand their campaigns and start to be more selective in their targets. This is a business endevaour for these criminals and business is good.
When asked about target and expansion, Andrew again had a scary–and spot on–perspective;
@TrendMicro A4: Any org with a dangerous combination of lax security controls and sprawling data is an ideal target #Trendsider
— Andrew Hay (@andrewsmhay) October 11, 2016
If you’re feeling like the sky is falling and you should be scared of your own shadow.
Don’t be. It’s not all doom and gloom (though what do you expect when you get a bunch of secure folks in a virtual room to discuss a threat?). There some simple, straightforward steps you can take to defend yourself;
we didn’t touch on: DEFENCE
1) email filters
2) sandboxing for suspicious binaries/urls
3) endpoint anti-malware
4) BACKUPS#trendsider— Mark Nunnikhoven (@marknca) October 11, 2016
If you’re interested in learning more about ransomware, I’ve pulled together some important links and posts that can help expand your knowledge of the topic and the trends in this area;
We’ve also wrapped the entire chat in a Twitter Moment so you can easily review the discussion. Check it out and continue the discussion with the hashtag #trendsider.