
Ransomware: The Future of Cyber Crime

The next severe cyber threat targeting consumers may be ransomware. If you're a hacker, ransomware is very appealing because it allows you to collect payment directly from the victim as opposed to fencing stolen data. Most users aren't aware of how vulnerable they are to ransomware. Experts seem to agree that ransomware could be a major digital threat over the next five years.

This issue was presented in a panel discussion at Georgetown Law's "Cybercrime 2020: The Future of Online Crime and Investigations" conference held December 4, 2014. Author Brian Donohue writes in ThreatPost:

"Indeed the panel agreed that ransomware is likely the future of cyber crime, at least as far as consumers are concerned. 'I think we are going to see ransomware scale well in the Internet of things,' Dai Zovi said. 'It's already targeting networked storage.'"

Ransomware is basically a two-step scheme: malware is installed that encrypts or locks a machine and demands direct payment to decrypt or unlock.

Payment processing (POS) schemes, by contrast, take more steps: cyber criminals need to install the malware and figure out how to quietly exfiltrate the data they're after. Once they have the data, they need to convert it into something they can use or sell. Adding to the difficulty for POS schemers, banks are increasing their security and putting into practice more secure payment forms like EMV.

Also, within payment processing schemes a very low percentage of stolen credit cards ever gets sold. In a recent episode of 60 Minutes, Brian Krebs of krebsonsecurity.com estimated that only 5% of the credit cards stolen in the Target breach will ever be sold. Essentially, thousands of credit cards need to be stolen to make the scheme worthwhile.

One of the most prolific ransomware campaigns in history was known as CryptoLocker, and it demonstrated how much money could be made by well-organized ransomware campaigns. Security firm Fox-IT mentions in its blog that CryptoLocker earned an estimated $3 million US for the group responsible over a nine-month period.

Traditional methods used to spread ransomware, including breached websites, are increasing in sophistication and tenacity. Meanwhile, newer techniques like embedding exploit kits via JavaScript manipulation of client-facing software and serving up malicious ads (malvertising) are emerging.

Favorite targets for website-based malware campaigns are major brands since they typically have thousands of web properties that are difficult to police and keep tabs on. For example, organizations with sprawling web presences tend to have large numbers of orphaned web pages, which are often unpatched and ripe for exploitation.

Ransomware is also a much more damaging digital threat to consumers than credit card theft. "Ransomware is the future; it's going to touch the consumer hard," said Rick Howard, CSO, Palo Alto Networks. "Banks cover credit card fraud. Just wait until [criminals] start poking you for $20 per month."

In other words, consumers have thus far tolerated credit card breaches because they can recover what was stolen. What happens when they aren't reimbursed? Odds are low that law enforcement will be able to help, and banks are not responsible.

It may seem far-fetched to believe malware spread via websites can reach enough computers to have a serious impact on consumers. However, a recent report on a malvertising campaign known as "The Kyle and Stan Malvertising Network" indicates that malvertisements appeared on "mammoth websites" over a prolonged period of time.

There is no silver bullet when it comes to addressing malware, and therefore no true preventative security solution for its variations like ransomware. However, maintaining constant vigilance with purpose-built detection and insight from experts can provide a strong foundation to address, respond to and mitigate campaigns before they cause widespread damage.

RiskIQ has put together a highly advanced digital threat detection system that focuses on the interaction points between large-scale Internet infrastructures and users. We've invested heavily in developing a detection system capable of simulating real user sessions in order to coax out well-disguised malware.

The scale of our web crawling technology allows us to offer customers continuous monitoring over all web assets. Brands looking to protect their online customer base can rely on RiskIQ to help them keep a watchful eye out for potential digital threats like ransomware.
