Pardon the Intrusion #25: Ransomware goes pro


Welcome to the latest edition of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we explore the wild world of security.

Ransomware is quickly shaping up to be one of the most significant online security threats of our era. And there’s no end in sight.

Ransomware has been around for decades: the first documented instance of what we now call ransomware dates to 1989.

Known as AIDS or the PC Cyborg Trojan, the malware was distributed on floppy disks to people in the healthcare sector. It counted the number of times a computer booted, and once this count hit 90, the Trojan encrypted the file names on the hard drive and asked the user to ‘renew their license’ by contacting ‘PC Cyborg Corporation’ and sending $189 or $378 to a post office box in Panama.

Since then, these tried-and-tested moneymakers have evolved: they use more convincing phishing lures and they’ve become far more widespread.

Take some recent examples. The University of California, after a NetWalker attack on its systems back in June, negotiated with the hackers for a week before coughing up 116 bitcoin (or $1.14 million). Their original demand was a $3 million ransom.

According to a McAfee analysis published earlier this month, the NetWalker ransomware gang has netted as much as $25 million since March 2020, with some of the payments made following their expansion to the Ransomware-as-a-Service (RaaS) model.

“Essentially, [RaaS] works as a rental, with a group of hackers renting malware to cybercriminal customers with varying levels of involvement,” Gemini Advisory said in a recent report. “Some may offer just the malware and the decryption keys, while others offer a full package.”

One other worrying trend spotted since last year is “double extortion.” Not content with just encrypting the target’s files, the criminal gangs steal that data before deploying the ransomware, and hold it hostage in the hope that victims will pay up rather than risk having their information leaked.

In what’s likely another case of NetWalker ransomware last month, the University of Utah ended up paying a $457,000 ransom to “ensure information was not released on the internet” despite having recovered the encrypted data from backups.

With many of the affected businesses lacking basic security hygiene, the bigger concern is that the increasing spate of ransomware attacks will embolden cybercriminals to raise the stakes even higher.

When travel company CWT was struck by Ragnar Locker ransomware, it settled with the operators for a ransom of 414 bitcoin ($4.5 million).

“It’s a pleasure to work with professionals,” a Support person working on behalf of the ransomware gang said in a chat after handing over the decryption keys. “However we will keep the chat room and will be here for your support.”

What’s trending in security?

Instagram fixed a flaw that retained photos and private direct messages on its servers even after they were deleted by its users, state-sponsored North Korean hackers targeted the Israeli Defense Industry, and Ukraine arrested three men who allegedly ran 20 crypto-exchanges and laundered more than $42 million for ransomware gangs.

That’s it. See you all in two weeks. Stay safe!

Ravie x TNW (ravie[at]thenextweb[dot]com)