The Business of Ransomware
As a refresher, ransomware is malware that is activated when a user visits an infected website, opens an infected attachment, or clicks an infected link in an email or text message. Typically, the hackers use phishing to trick users into clicking links or opening attachments that launch the ransomware. Ransomware targets the number one vulnerability, people, and infects all devices connected to the network, typically encrypting the data and demanding money. Companies now hold such large amounts of data that it is too difficult to copy the data outside the network, so hackers are encrypting the master boot record so the server will not boot up. Another tactic is to encrypt the data on the network but also extract sensitive data such as customer data, social security numbers, dates of birth, addresses, emails, and trade secrets, and then demand money or the information will be released or sold on the dark web. The good news is that this is preventable by educating users, because the ransomware cannot be launched if the user does not click on the link.
NetWalker Ransomware Gang
According to ZDNet, the NetWalker ransomware gang has made a profit of $25 million since March 2020. The gang operates as ransomware-as-a-service (RaaS). In RaaS, hackers band together and sign up through a vetting process, after which they are granted access to a web portal where they can build custom versions of the ransomware and share the profits. The NetWalker process usually involves three phases: (1) NetWalker breaches the company network to steal the company's data and encrypt files, (2) if the company does not pay the ransom, it is posted to the NetWalker leak site, and (3) if the ransom is still not paid after a certain period of time, NetWalker leaks the company's data. Some companies pay just to avoid the press nightmare.
https://www.zdnet.com/article/netwalker-ransomware-gang-has-made-25-million-since-march-2020/
Just the Facts
- Small and medium-sized businesses account for 71% of the ransomware market segmentation
- City of New Orleans paid over $7 million in early 2020
- In 2019, Baltimore City government paid over $18 million
- Businesses lost around $8,500 per hour due to downtime caused by ransomware
- City of Atlanta spent over $17 million in 2018 after a ransomware attack
Recent Ransomware Attacks
Honda Global Services
Honda became the victim of the Snake ransomware, which shut down some of its production facilities, financial services and operations globally.
https://techcrunch.com/2020/06/09/honda-ransomware-snake/
City of Cartersville Georgia
Cartersville paid $380,000 plus an additional $7,755.65 in transaction fees and negotiators after a Ryuk ransomware attack that occurred in May 2019.
Blackbaud
Blackbaud, a software and cloud hosting provider, was able to recover from ransomware, but paid the ransom to prevent the hackers from deleting the data.
Preventative Measures
- Educate users
- Firewall with intrusion detection and network bandwidth monitoring
- Antivirus
- Web filtering
- Phishing Testing