Story image

Why business is looking good for ransomware criminals

22 Nov 2017

New findings from a report that Carbon Black has just released show it is easier than ever for criminals to extort money from victims through ransomware. Our report ‘The Ransomware Economy’, shows that the market from this insidious form of malware is an estimated $1 billion.

Investigations by our Threat Analysis Unit (TAU) found that cyber criminals are increasingly seeing opportunities to enter the market and looking to make a quick buck via one of the many ransomware offerings available via illicit dark web marketplaces. In addition, the basic appeal of ransomware is simple: it is turnkey. Unlike many other forms of cyber attacks, ransomware can be quickly and brainlessly deployed with a high probability of profit.

As a result, the amount of money being extorted by ransomware is much higher than it’s ever been.  Payments associated with ransomware went from $24 million to $1 billion from 2015 to 2016.

The size of the market is allowing criminals to specialise within the ransomware ecosystem. When the market was $24 million, criminals had to do it all themselves. There was no way they were going to let someone else take a piece of their $24 million. But when you’re talking about a billion dollars criminals are happy to settle for as smaller piece of a very large pie.

What this means is that there is specialisation, with dedicated groups of people focusing in on one piece of the problem and getting really good at solving it. This means they are much more likely to succeed.

The other issue with the increasingly specialised nature of ransomware is that individual criminals don’t need to have all the skills necessary to mount a ransomware attack. So the barrier to entry becomes a lot lower because they can simply buy the services they don't know how to do themselves. This ease of access has been the main driver behind the growing frequency of ransomware attacks.

Notes from underground

The increase in specialisation witnessed by our firm and the IT security industry in general has created an underground economy that allows the attacks that are conducted to be more successful because there are people specialising in their piece of it, spending much more time, money and effort on clearing hurdles.

One of the biggest hurdles to ransomware becoming a billion-dollar business was payment. Getting malware on to a computer is not that difficult for criminals, however the advent of bitcoin has allowed them to access payment facilities more easily.

In the past, criminals had to rely on either wire transfers or credit card payments; both have advantages and disadvantages. A wire transfer was hard for victims to initiate, making them less likely to pay up in this way. Credit cards were easier, but for criminals there was always the risk of the victim phoning up the credit card company and cancelling the payment.

Bitcoin is the ‘middle ground’ for criminals. It's like a wire transfer in the sense that once it has happened, the payment has been made and can’t be reversed by the victim. Bitcoin is easier to set up than a wire transfer and it is in the victim’s realm of convenience: they’d rather pay up via bitcoin than get a new computer.

Crime and punishment

Another problem in tackling cyber criminals is jurisdiction. With normal crime, both victim and criminal are in the same jurisdiction. Ransomware attacks are borderless and often the victim and perpetrator are in different countries.

Who is supposed to prosecute? The victim is in London, but the crime was actually committed in China. The lack of clarity over international cyber-policing makes this an incredibly difficult problem to solve, and it’s a situation that heavily favours the criminals.

Those behind ransomware can be split into three tiers: the authors of the malicious code; those that leverage the malware (by offering ransomware-as-a-service), and the distributors. In order to confront this problem, it needs to be tackled upstream and we need to limit the incentives for malware authors.

This means using a predictive security cloud model that identifies the most dangerous threats facing an organisation. This combines big data analytics with information from within an organisation’s systems to identify potential attacks, threats and other indicators that can protect infrastructure before it ever falls victim to an attack. This helps security specialists within the organisation predict what could happen based on accurate data and makes the task of confronting ransomware authors and attackers that much more difficult and less lucrative.

In the absence of an international legal cyber-deterrent, this kind of proactive defence on the part of potential ransomware targets is the most effective way to disrupt the booming ransomware economy.

Article by Mike Viscuso, Carbon Black CTO and co-founder.

Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.
Red Box gains compliance boost with new partnership
By partnering with Global Relay, voice platform provider Red Box is improving the security of its offerings for high-value and risk voice data.