SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Cybercrime selling like hotcakes: Ransomware sales soar 2500% in one year
Tue, 28th Nov 2017

The way criminals ply their trade has changed dramatically since the rise of the digital era, and not for the better – at least for the victims.

“Twenty years ago, if a crime boss wanted to get rich quick, they'd get a crew together, buy some hot guns, steal a getaway car and rob a bank. In the digital era, stealing massive sums of money is much less risky, and a lot less dramatic,” says Emmanuel Marshall from MailGuard.

“To make a big score in 2017 all criminals need to do is get on the dark web, buy some ready-made ransomware and start firing out emails. It won't even cost them a lot of money to get started; basic ransomware can be had for a few dollars and run on a phone.”

Marshall says today there are sophisticated and comprehensive operations making and supplying ransomware that even provide IT support to their criminal customers.

Carbon Black recently released a report that revealed sales of ransomware on the dark web have skyrocketed an almost ridiculous 2,500 percent since 2016.

“Basic ransomware can be had for as little as US$0.50 in the illicit software marketplace, so it's little wonder that this is a booming industry,” says Marshall.

“Because ready-made ransomware is so cheap and ubiquitous now, it's no longer only malevolent geeks who are capable of running email scams; pretty much anyone with an internet connection, a few dollars and a conveniently sub-par conscience can get into the ransomware racket.”

Furthermore, every single one of the businesses surveyed in the Carbon Black report would be willing to pay a ransom if their files and documents were rendered inaccessible by malware.

Given this amount of ‘willingness’, it's certainly not hard to see why the sale of ransomware has shot up so much.

“At this point you might be thinking, ‘well it probably won't happen to my business and even if it does we'll just pay the ransom and get on with it.' It might seem like a small inconvenience to deal with a ransomware scam; pay a few thousand dollars and get your files back,” says Marshall.

“The thing business owners forget to factor in is the collateral damage done by a ransomware attack. With the computer system locked up, business will pretty much grind to a standstill.

This means no communications, no access to accounts, no payroll facilities, and no ability to do work of any kind until the ransom is paid – and even then, there is no guarantee that the criminals will restore access.

“Add to the above, the damage to a company's reputation that being involved in a ransom attack will cause, and the cost of lost opportunities during the time that the computer system is frozen, and you are potentially talking hundreds of thousands of dollars in collateral losses,” says Marshall.

“The impact from cybercrime attacks resonates through every aspect of a company's business. The perceived vulnerability to attack erodes an organisation's standing with supply chain partners, investors and the public alike.”

Marshall cited Brad Smith of Microsoft, who presented a keynote speech at Microsoft Inspire 2017, to illustrate that while most businesses use some sort of endpoint virus protection on their computer systems, there is a dawning realisation in the IT world that such measures are no longer effective.

“You can't defeat the threats of the present with the tools of the past. What we've learned is that 90% of all security intrusions start the same way, with an email and a link that takes somebody to a harmful website. Every company has at least one employee who will click on anything, and that is pretty hard to protect against,” says Brad Smith, president and CLO of Microsoft.

In terms of advice for this ransomware epidemic, Marshall says the most commonly recommended protection from ransomware attacks is to practice regular automated backups of important files and data to an off-site storage facility.

However, this isn't always possible (particularly for SMBs), so at the very basic level you should NEVER click on links from unfamiliar email senders, and you should always verify the email is actually from the purported sender by clicking on the ‘details’ box at the top of the message.