Ransomware is Organized Business and Increasingly Effective, But What Is Being Done?

2nd June 2016


Recently HPE released a whitepaper on “The Business of Hacking” that shows cybercriminals have an extensive network of contributors with specialized roles that operates much like a business. The combination of increasingly sophisticated attacks and the growing number of attack vectors – from mobile phones, IoT, drones and cars – gives cybercriminals more targets, making any connected interaction, even visiting a legitimate web site, potentially a risky activity with dire consequences. So what can be done?

Even with the growing number of ransomware attacks, almost half the country – 43 percent of consumers – still does not know what ransomware is or does, and our hospitals, utilities and government are increasingly vulnerable. This is another reminder that we need more collaboration between the private and public sectors, in addition to better processes for identifying and developing cybersecurity talent.

While the talent shortage is a long-term problem, with each passing week ransomware continues to grab headlines. The shutdown of TeslaCrypt and the release of its master decryption key were a welcome surprise to many. Over the last year, security vendors created decryption keys for TeslaCrypt, only to have a modified version do more harm. More recently, an alleged variant of Cerber has targeted Microsoft Word users by leveraging the macros feature, which is used to combine a series of steps into one, to unleash ransomware that also launches DDoS attacks. It’s sold on the Russian dark web, one of many cybercriminal black markets that mask IP addresses, which makes it harder to trace participants. Another ransomware called DMA Locker is now using command-and-control servers (a series of computer servers leveraged to control malware while avoiding detection) to make it harder to defeat.

Hospitals are commonly attacked and many pay the ransom, justifying it with the assumption that paying would be quicker and less costly than spending the time and money to restore backups, and that it is in the interest of patient care quality. Unfortunately, many cybercriminals aren’t so honest. Locky, for example, which accounts for 17 percent of all ransomware, hit the Hollywood Presbyterian Medical Center in Southern California earlier this year. Hospital officials paid $17,000 but its data was not decrypted. Nationally, California is being hit especially hard, with Colorado and North Carolina rounding out the top three.

By some estimates, ransomware accounts for less than 1 percent of total attacks, yet it has become very lucrative for cybercriminals and very damaging for victims. Victims paid out $200 million during the first quarter of 2016, an 800 percent increase over the first quarter of last year. For perspective, CryptoWall victims alone coughed up more than $325 million in 2015. And according to the 2015 report from the FBI’s Internet Crime Complaint Center (IC3), nearly 2,500 consumers and businesses filed ransomware-related complaints last year, with many more attacks unreported.

Phishing attacks, which are also used to deliver ransomware, saw a 250 percent increase during the first quarter of 2016 as well, according to the Anti-Phishing Working Group (APWG). On May 17, a 12-hour Locky ransomware attack pushed out 30 million messages in a spear phishing campaign made to look like an Amazon shipment update email, which preys on victims clicking on links sent from a “trusted” source.

Android users, too, have been heavily targeted by ransomware. Last year, Google handed out $2 million in security bounties to uncover threats, yet Android remains highly vulnerable, with more than half of Android users on the older OS 4 and 5, or Jelly Bean and Lollipop. Android users have been locked out of their devices by drive-by download attacks that leverage digital programmatic advertising to inject malware onto a victim’s computer or device without their knowledge. Now Google is putting more pressure on carriers to push out OS updates faster, but carriers are pushing back to allow time to test the OS against the many new devices they carry.

The question remains – what are we doing to make it harder for cybercriminals to execute these attacks?

For more information about our cybersecurity practice, please contact Jin Woo: jin.woo@grayling.com.


Grayling Team
