Organizations in a variety of industries have come up against some pretty vicious cyberthreats over the years, but we may just be living in the golden age of cybercrime. There are more opportunities for data theft, fraud and digital extortion than ever before thanks to an explosion of big data and the increasing digitization and automation of business operations.
In this three-part blog series, we'll explore the worst of the worst when it comes to cyberattacks. Not surprisingly, we start with ransomware, which may just be the strongest, most malicious leg of the cyberthreat trifecta.
Ransomware: A brief history
Ransomware got its start in 1986, when two brothers, Basit and Amjad Farooq Alvi, created a special "ransom" message tied to software that, "instructed users to call them if they saw the warning," according to CSO contributor Kacy Zurkus. The goal at the time was to prevent piracy; however, like all things made for good, hackers took a new spin on it, and transformed it into a devastating form of malware.
The first known case of malicious ransomware was disseminated in 1989 via floppy disks labeled "AIDS Information Introductory Diskette." It was called PC Cyborg/AIDS, and upon inserting it into the disk drive, it would encrypt the C drive. The infected user was then prompted to send $189 to a PO box in Panama. Upon receipt of payment, the attackers would send an email instructing the victim how to decrypt his or her files.
The same sort of trickery is used to spread ransomware today. In PETYA, for instance, human resources representatives will receive an email from a fake job applicant. Upon accessing the "resume" from a shared drive, the computer executes the malware, which then encrypts documents. Other strains of malware use macros, which are tools that automate certain functions in productivity software like Microsoft Word or Excel. An unsuspecting user may download a seemingly harmless document, run the macro and in Kafkaesque fashion, suddenly become a victim of a felony.
A prolific threat …
The conniving manner in which ransomware is disseminated – click-bait and download schemes that infect machines – is by itself problematic. Add in the fact that there are few remedies once an infection has occurred, and it only worsens the problem. Victims can pay the ransom (typically via cryptocurrency, no postage necessary), they can restore a backup (assuming they have one, and it's actually air-gapped from the network) or they can forfeit their files forever.
"Ransomware can impact employees mentally and emotionally."
For many people – especially in a bring-your-own-device environment – some of these files may even be personal documents or family photo albums. Not only is ransomware a threat to the organization as a whole, but it can also impact employees mentally and emotionally.
Not to mention, there's very little honor among thieves. Paying a ransom won't necessarily ensure the safety of your files, as one hospital in Kansas learned upon meeting hackers demands, only to be extorted for more money. At of the time of this writing, the FBI predicts that ransomware will rake in the $1 billion in 2016.
… But not a bullet-proof one
In a newly released webinar about the top cyberthreat facing the health care industry, Sam McLane, Arctic Wolf Networks' Head of Security Engineering provided an in-depth look at how ransomware behaves. Despite its multiple attack vectors, the speed at which it can deploy and the fact that employee are very likely to wait too long before contacting IT, ransomware has an Achilles' heel.
"If you know what you're looking for, ransomware is very easy to spot as it comes into your organization," McLane said. "It will phone home and say 'hey, I need an encryption package' or 'I need my security keys so we can unlock the data.' Those call-outs are detectable if you're looking."
So yes, ransomware is undoubtedly one of the top cybersecurity challenges faced by organizations today. If you're extremely lucky, it'll never happen to you. That said, it could destroy your business, and also cost your employees cherished data.
But if you're smart, and you have the right security services and tools in place to detect ransomware early and respond to it immediately, then you stand a fighting chance against this sinister cyberthreat.
This is part one of a three-part blog series about the top three cyberthreats facing modern organizations.