Ransomware is everywhere right now. Whether it's in the news coverage of the latest exploits or in that seemingly harmless attachment sitting in your inbox, malware is running rampant! But beyond the ransomware basics like "email phishing is a major threat vector" and "cybercriminals demand Bitcoin to unlock files," what else do you need to know? What malicious trends are on the rise and how do they impact the way you position your data security services to prospects and clients? We've scoured the Web (well, not the Dark Web) to deliver the latest cybersecurity and ransomware findings!
1. Ransomware Now Poses the Biggest Cybersecurity Threat.
Move over, advanced persistent threat (APT) networks. There's a new sheriff (or rather, outlaw) in town! This latest finding comes courtesy of Kaspersky Lab's IT Threat Evolution in Q1 2016 report, which serves to stress that this issue isn't going away anytime soon. Consider these shocking statistics from the report:
- Security experts detected 2,900 new ransomware malware modifications appearing between January and March this year – a rise of 14 percent (source).
- The number of attacked users was up 30% over the last quarter of 2015 (source).
2. Teslacrypt, CTB-Locker and Cryptowall Are 3 Ransomware Families to Fear.
There are many warring families dominating and fracturing the cybercrime landscape, each with their own territories to terrorize. According to the same Kaspersky Lab report referenced above, the three which have contributed to the highest percentage of infected users are Teslacrypt, CTB-Locker and Cryptowall respectively. So what's the breakdown?
- Teslacrypt - 58.43%
- CTB-Locker - 23.49%
- Cryptowall - 3.41%
Not to be outdone, a new ransomware strain, Locky, has already wreaked some serious havoc and is responsible for 1.30% of infections.
Do your end users know how each of these different strains behaves?
3. DDoS Attacks are Launched if Ransom Demands Aren't Met.
In their November report, "Ransomware: stand and deliver, your website or your Bitcoin," 451 Research exposes how DDoS for Bitcoin (DD4BC) and other cybercrime syndicates like Anonymous use distributed denial of service (DDoS) attacks to expedite payment. If you're looking to familiarize yourself with this threat, you can read all about it in "DDoS Attacks: An Overview of the Business-Crippling Cyber Threat All MSPs Should Watch for."
Essentially, an attacker floods a target organization's network with data in an attempt to exhaust that network's available bandwidth. While this isn't necessarily a new cyber danger, it lets hackers bring company websites offline and is thus worth flagging. Consider how devastating a blow that would be for your clients. Many likely engage in e-commerce – their website is how they make money! With that in mind, it's unsurprising yet unsettling that attackers would choose to prey on this by introducing another layer to the ransomware experience.
Now, instead of merely destroying the decryption key to encrypted files, attackers threaten to launch DDoS attacks if they do not receive ransom payment in the allotted time.
According to 451 Research, messages sent from the DD4BC group "demanded payment of 40 Bitcoin (around $11,000 at the time of writing) or a DDoS attack would be launched." That price would then increase if demands weren't met within 24 hours. Again, forget the opportunity cost and operating loss of business downtime; this kind of one-time payment of $11,000 alone is a steep expense for most SMBs - enough to wipe them out! And who's to say the malware installs itself on a weekday?
What if an employee clicks on a link in a phishing email on Friday at 4:30 pm?
Talk about a bad way to start a Monday morning – walking in to find that you've missed the ransom payment window (typically between two and three days) and now must dig deeper into your pockets to recover data!
This presents a huge opportunity for you as an MSP. SMB business managers don't know there are anti-DDoS tools and managed security solutions that can keep their websites and services online. They may think paying the ransom is the only way to get rid of their problems, but you can show prospects and clients how you protect them from malware and other cyber threats.
As their virtual CIO, you combine the cybersecurity and data protection solutions, education and expertise they need to keep the hackers at bay. And if you offer backup and disaster recovery (BDR) services, you mitigate the damage by recovering data to their last recovery point objective (RPO), should they become successfully targeted.
4. Malware-as-a-Service/Ransomware-as-a-Service Is on the Rise.
It's not just IT solutions providers who've embraced the cloud and recognized the potential of a software-as-a-service based business model; hackers have migrated as well. As described by ZDNet in response to the 2016 Trustwave Global Security Report, attackers "can now pay fees to rent malware; the developer keeps their 'malware-as-a-service' products up to date with fresh exploits and other tools so that members of the criminal underworld can use them to target thousands of unsuspecting victims." In renting these exploit kits, cybercriminals create accounts and carry out their schemes on a server controlled by the original malware author.
If these platforms weren't ultimately being used to illegally obtain and distribute sensitive data, you'd almost think they were a legitimate business endeavor! Given how easy it is to claim a piece of this pie, ransomware continues to dominate the threat landscape. When we discuss the benefits of the cloud, one of the main advantages we cite is the ability to access data anywhere and from any device. It goes both ways.
Schemes like malware-as-a-service enable a higher volume of malware attacks because anybody can corrupt and/or steal data anywhere and from any device.
But wait – there's more! With the super deluxe edition, you get ransomware-as-a-service! With this new flavor, cybercriminals that take advantage of these kits have to pay the original malware authors a fee or a percentage of ransom paid by the victim. These arrangements are attractive because you don't have to have an extensive background in coding or really any cyber knowledge to profit. Again, the fewer the barriers to entry, the easier it is for ransomware and malicious activity to spread.
As you've read here, ransomware continues to be a major issue and one that has a lot of staying power, unfortunately. Identified as the biggest cybersecurity threat and with a whole burgeoning illicit market that lets anyone play to win, the odds are ever not in the SMB's favor. As the number of attacks grows exponentially, there's a greater likelihood that one of your clients or prospects will become the next ransomware victim, with business-crippling consequences. The time to educate is now. Luckily, we've created a whole eBook devoted to helping SMB employees stay secure online and in the office.
By Paula Rhea
By Gretchen Hoffman