Is there no solution? A means of detecting the patterns left by this kind of malware?
The Worsening State of Ransomware in the ACM By Samuel Greengard
Communications of the ACM, April 2021, Vol. 64 No. 4, Pages 15-17, DOI: 10.1145/3449054
Nothing elicits terror quite like switching on a computer and viewing a message that all its files and data are locked up and unavailable to access. Yet, as society wades deeper into digital technology, this is an increasingly common scenario. Ransomware, which encrypts data so cybercriminals can extract a payment for its safe return, has become increasingly common—and costly. A 2019 report from security vendor Emsisoft pegged the annual cost of ransomware in excess of $7.5 billion in the U.S. alone.1
"Individuals, businesses, hospitals, universities and government have all fallen victim to attacks," says Chris Hinkley, head of the Threat Resistance Unit (TRU) research team for security firm Armor. In a worst-case scenario, ransoms can run into the tens of millions of dollars and close down an organization's operations entirely. It has forced hospitals to redirect patients to other facilities, disrupted emergency services, and shut down businesses.
The problem is growing worse, despite the development of new and more advanced ways to battle it, including the use of behavioral analytics and artificial intelligence (AI). "Cybergangs use different cryptographic algorithms and they distribute software that is remarkably sophisticated and difficult to detect," Hinkley says. "Today, there is almost no barrier to entry and the damage that's inflicted is enormous."
Money for Nothing
The origins of modern ransomware can be traced to September 2013. Then, a fairly rudimentary form of malware, CryptoLocker, introduced a new and disturbing threat: when a person clicked a malicious email link or opened an infected file, a Trojan Horse began encrypting all the files on a computer. Once the process was complete, crooks demanded a cryptocurrency payment, usually a few hundred dollars, to unlock the data. If the person didn't pay in cybercurrency, the perpetrator deleted the private key needed to decrypt the data and it was lost permanently.
Today, a dizzying array of ransomware exists, with each variation developed by different cybergangs. Once they reside on a computer, the likes of Dharma, Maze, Ryuk, Petya, Sodinokibi, Lazarus, and Lockbit unleash malware that spreads across systems and networks—until the crooks decide to pull the trigger. Making matters worse, some cybergangs sell ransomware kits for as little as a few hundred dollars (or via a subscription that may run as low as $50 to $100 per month). These "customers," who have zero coding skills or software expertise, take advantage of a ransomware-as-a-service (RaaS) model to gain sophisticated capabilities, says Keith Mularski, a former FBI agent and now managing director of the cybersecurity practice at Ernst & Young. ... "