“Ransomware behaviour is its Achilles’ heel.”

Ransomware is known today by the family it belongs to. Each of these families has different characteristics and its own specific brand of file system activity. Sophos has done a commendable job in researching eleven of these families and has published a research paper to that effect. The aim of the paper is to give “security operators a guideline to understand the core behaviors that underlie the ransomware attacks.” Sophos’ behavioral engine, Intercept X, also uses this knowledge to convict ransomware. Defenders’ knowledge of the most prevalent and persistent malware families will help in tackling ransomware. As a simple analogy, it is like a police officer’s professional knowledge of organized crime gangs.

UNDERSTANDING RANSOMWARE IS THE BIGGEST INVESTIGATIVE CHALLENGE TODAY.

The biggest ransom is the complete loss of trust and credibility of business enterprises and the government.

“A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel, leisure and the public sector.” John Hammond of Huntress Labs said he had seen ransom demands from $500,000 to $5 million to get the decryptor. The smallest amount demanded is $45,000. What has been realized remains unknown so far. It is an evolving crime. It is said that the sophisticated gangs on the REvil level examine the financial records of the victim – insurance claims if they can find them – before they encrypt the data. They threaten to dump the stolen data online unless paid, which has become another source of income and a nightmare for the victim. What a fate: with police, investigative and intelligence agencies and defense forces intact, the strongest of nations are being attacked with gay abandon in broad daylight.

CYBER DEFENSES ARE THE REAL DEFENSE IN THE COMPLEX TECH WAR OF ATTRITION.

The world is just not ready to handle a crime of this nature.

Consider some of the ransom payments this year: $2.3 million by Travelex, $5 million by Colonial Pipelines, $11 million by JBS, Garmin ($10 million demanded, payment not known), Cognizant (April 2021, payment not known), etc. In the last two cases the data was decrypted, so you can come to your own fair judgement. These are a few of the cases in the jungle raj of data, the world over. This gives a clear indication that the ransomware industry is moving steadily in the direction of targeted ransomware attacks. They feel that is where the money is, and they have been proven right. The technical, social engineering and business professionalism which these hackers have gained over the years has emboldened them to go in for bigger catches.

TARGETED RANSOMWARE HAS ALREADY PUT COMPANIES, CYBER SECURITY EXPERTS, INVESTIGATION AGENCIES AND THE GOVERNMENTS ON THEIR HEAD.

Ransomware has become a collaboration-ware today.

Cyber security happens to be America’s number one national security threat since 2014 and, by extrapolation, the number one international threat. In the criminal domain of cyber crime, *ransomware* as it stands today would beat any other crime hollow, given the sophistication, intensity and expanse of the damage. It is bringing down business reputations, and countries are forced into limping mode. With all the critical data encrypted, you become outsiders in your own enterprise, the superlative of a lame duck, which has no parallel in crime history. Adding insult to injury, you don’t know where to go, and if you do, you are convinced that no worthwhile help will come in handy. The only question a crisis-ridden company needs to answer at that critical hour is whether to pay the ransom or not.

HOW MANY GOVERNMENTS ARE AWARE THAT RANSOMWARE CAN BE THE BIGGEST CHALLENGE THEY WOULD BE FORCED TO FACE IF THEY REMAIN OSTRICHES OF THE CYBER WORLD?

These are the modern gangsters now.

Ransomware gangs have recently posted highly sensitive documents. These are the modern gangsters. These documents have been stolen from different companies. They include classified business information, a confidential diagram from a defense contractor and power plant documents. An extremely nuanced system has been put in place: an interplay of releasing data as well as locking it up with encryption. This strategy turns up the heat on victims of ransomware. It is a $170 billion global problem today.

EVALUATING THE VALUE OF DATA AND THEN RELEASING IT WHERE IT HURTS MOST IS PRECARIOUSLY TREACHEROUS.
