Paladion, a security services provider in the Middle East, says that ransomware, the fastest-growing area of cyber crime, has developed into a $1 billion-a-year industry, complete with customer care departments set up to secure payments from victims. Ransomware is malicious software that lets criminals encrypt a victim's files and demand payment to unlock them, and attacks using it are profitable.
“This has encouraged the setup of new criminal start-ups that make millions of dollars within months before being closed down to protect the masterminds from arrest,” explained Ravi Raman, SVP – Security Intelligence and Analytics at Paladion. “In the last couple of weeks we have seen the newspapers splashed with news of organisations, businesses and individuals being taken hostage by ransomware attacks. Both individuals and organisations are at risk today. The perpetrators have moved away from random attacks to targeted attacks on organisations.”
Ransomware, as the name suggests, is a type of malware that encrypts data on a system and demands a ransom to decrypt it. Advanced 128- to 256-bit encryption algorithms are used, so in most cases decryption without the key is not possible. Affected parties are paying up: for such organisations and individuals the data is very valuable and losing it is not an option.
Extracting money from affected people and organisations has worked because data is important, a lifeline. Once the perpetrators have tasted “blood” in the form of payment, it can be assumed there will be no let-up. The Middle East region is now more susceptible to targeted attacks than ever before.
“In this situation, the modus operandi is totally different. The attackers resort to stealth and a slow process – along the cyber kill chain – to stage an attack. Those who are not prepared to move away from the traditional mode of defence to a more multi-dimensional oriented defence will be easy targets,” added Raman. “Over the past year, we have seen that the UAE was the fourth-highest affected in terms of ransomware in the Middle East.”
Ransomware has spread beyond Windows-based personal computers to smartphones, Mac and Linux systems, with attackers increasingly targeting any network-connected device that could be held hostage for profit. The UAE witnessed a 44% year-on-year increase in the number of ransomware attacks. Ransomware has gone through several iterations over the past year or so, each variety designed to be more dangerous than the previous one.
“In the beginning the malware was modelled around a fake antivirus — it attempted to extract money by intentionally misrepresenting the security status of a computer. The user was enticed to purchase software in order to remove non-existent malware or security risks from the computer,” explained Raman. “Then ransomware changed to extracting money by locking one’s PC screen. To unlock the screen people had to pay up.”
Among ransomware infections, CryptoWall, TorrentLocker, CTB-Locker, TeslaCrypt and other variants such as Viral Ransomware, ThreatFinder and CryptVault are currently active. Most of these malware families morph frequently and reinvent themselves in a new avatar. “Within the UAE, finance, insurance and real estate sectors were the most affected by targeted attacks last year. Close to three quarters of all attacks were directed towards companies belonging to the above-mentioned categories,” said Raman.
Whether for individuals or organisations, a basic protective mechanism is to take regular backups, so that after an attack you can restore from the backup. Having said that, the only way a disaster can be averted, unless you are willing to pay up, is to institute preventive mechanisms. This cannot rely on antivirus software alone; the approach needs to be multi-dimensional.
“To detect such staged attacks, an organisation has to invest in tools that will enable it to run data science and machine learning models that can detect patterns in the network data; tools that rely not just on malware signatures but on other concepts such as Indicators of Compromise (IOCs) to detect them; tools that can quickly scan your network / end points for any typical compromises that you suspect may have occurred; tools that can scan for rogue browser plugins; tools that can detect C&C user accounts that could be used by malware to piggyback on; and tools that can check for unused services that malware can morph into. The good news is that such tools are available. You will need such tools to prevent ransomware attacks. We need to be geared to protect ourselves from such threats when the stakes are high. Game-changing threats need a robust multi-pronged strategy for effective protection,” concluded Raman.
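The IOC-driven detection Raman describes (matching endpoint telemetry against known hashes, C&C or payment domains and the file extensions appended by encrypting malware, then correlating hits per host rather than relying on a single signature) is shown below as an added example. It is not Paladion's tooling or code from this article; the indicator values, host names and log lines are all constructed for illustration.

```python
"""Added example: match constructed endpoint telemetry against a constructed
IOC list and correlate hits per host. Not Paladion's tooling; all indicators,
hosts and log lines below are made up for illustration."""
import re
from collections import defaultdict

# Constructed indicators of compromise (placeholders, not real threat intel).
IOCS = {
    "sha256": {"a3b1c2d4e5f60718" * 4},                   # hash of a dropper binary
    "domain": {"cnc.example", "payment-portal.example"},  # C&C and payment sites
    "extension": {".locked", ".encrypted"},               # appended to encrypted files
}

# Constructed endpoint events: ISO timestamp followed by key=value fields.
SAMPLE_EVENTS = r"""
2016-05-02T10:01:12Z host=ws-17 type=process sha256=A3B1C2D4E5F60718A3B1C2D4E5F60718A3B1C2D4E5F60718A3B1C2D4E5F60718 image=C:\Users\a\AppData\Roaming\svc.exe
2016-05-02T10:01:15Z host=ws-17 type=dns query=cnc.example
2016-05-02T10:01:20Z host=ws-17 type=file op=rename path=C:\Users\a\Documents\q1-forecast.xlsx.locked
2016-05-02T10:02:00Z host=ws-02 type=dns query=updates.example
2016-05-02T10:02:07Z host=ws-02 type=process sha256=FFEEDDCCBBAA9988FFEEDDCCBBAA9988FFEEDDCCBBAA9988FFEEDDCCBBAA9988 image=C:\Windows\explorer.exe
2016-05-02T10:03:41Z host=ws-02 type=dns query=PAYMENT-PORTAL.example
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Split '<ts> k=v k=v ...' into a dict; the timestamp goes under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields


def _extension(path):
    """Return the final extension of a Windows or POSIX path, lower-cased."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""


def match_iocs(lines, iocs=IOCS):
    """Return one hit per event whose hash, domain or file extension is listed.

    Matching is case-insensitive so that upper-cased hashes or domains in the
    telemetry still match the lower-cased indicator list.
    """
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        kind = ev.get("type")
        if kind == "process" and ev.get("sha256", "").lower() in iocs["sha256"]:
            matched = ("sha256", ev["sha256"].lower())
        elif kind == "dns" and ev.get("query", "").lower() in iocs["domain"]:
            matched = ("domain", ev["query"].lower())
        elif kind == "file" and _extension(ev.get("path", "")) in iocs["extension"]:
            matched = ("extension", _extension(ev["path"]))
        else:
            continue
        hits.append({"ts": ev["ts"], "host": ev.get("host", "?"),
                     "indicator": matched[0], "value": matched[1]})
    return hits


def flag_hosts(hits, min_types=2):
    """Hosts that matched at least `min_types` distinct indicator types.

    A single hit (one DNS query to a listed domain) may be noise; a host that
    ran a listed binary, talked to a listed domain and renamed files to a
    listed extension is a much stronger signal of a staged attack.
    """
    seen = defaultdict(set)
    for h in hits:
        seen[h["host"]].add(h["indicator"])
    return sorted(host for host, types in seen.items() if len(types) >= min_types)


if __name__ == "__main__":
    found = match_iocs(SAMPLE_EVENTS.splitlines())
    for h in found:
        print(f"{h['ts']} {h['host']}: {h['indicator']} match on {h['value']}")
    print("hosts with multiple indicator types:", flag_hosts(found))
```

On the constructed input, ws-17 produces hits of three different kinds and is flagged, while ws-02 has only a single domain hit and is reported but not flagged at the default threshold; lowering `min_types` to 1 lists both hosts, which is the trade-off between coverage and false positives that a signature-only approach does not let you tune.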