Have you ever thought that ransomware is being created, bought, and sold in underground economies? According to a security firm’s research, from 2016 to 2017, there has been a 2,502% increase in the sale of ransomware on the dark web while cyber criminal economy has hit global revenues of $1.5 trillion a year, the FBI has said. Profit. That’s the incentive behind cyber crime!
2017 was a year of increasing threaten for ransomware. Falling victim to the global NotPetya cyberattack costed Maersk, the world’s largest container ship and supply vessel operator, up to $300m in lost revenues. WannaCry, GoldenEye, NotPetya were some of the attacks that led to heightened apprehension and vigilance from IT managers and operators across the planet. But what’s hidden behind a ransomware attack? And how cyber criminals “earn their living”?
Creation
A ransomware usually revolves around obtaining money to restore the locked down data of the victim. In other words, it is a cryptographic code, which is written to lock down the files. It is just like any other computer code written by developers based on a simple cryptographic algorithm. Therefore, to write a complex ransomware code, authors and cyber-extortionists must have very good knowledge of computer language and code writing.
Target market
Ransomware market “victims” are usually companies that retain vital information and can pay the ransom, of course. For example, healthcare organizations are a common target for cyber actors because of the pressure and the need to pay the ransom. Of course, history has shown that other industries such as the shipping are attractive too!
Distribution
Ransomwares are usually sent out as spam mail lists or specifically targeted hacks that exploit vulnerabilities.
Payment method
The cost is dependent on how customized the code is. The growing ransomware economy can be attributed to the anonymous payment services like Bitcoin which make payment procedure both simple for victims and “safe”for the ransomware operators. Bitcoins are already being used as the means of payment and a mass adoption of blockchain has begun to occur in almost every industry. Companies are even starting to keep a Bitcoin ransom ready in the event that they are affected from the aforesaid attack. There is no doubt that, bitcoin payment method allows ransomware actors to hide, ultimately contributing to the booming ransomware economy.
How organizations can protect their assets from ransomware attacks
The following steps can help minimize damage and maximize the chances of preventing a cyber attack:
- Build a strong cyber security awareness culture
- Have data audit and monitoring in place with an out-of-the box alerting system
- Enable real-time blocking to enable attack prevention
- Use deception techniques
- Perform classification scans to identify where your sensitive data is located in your network.
- Deploy a data-centric solution about file, database, web and other ransomware attacks.
You may also read our guidelines to help maintain maritime cyber security.