Paladion has revealed that the fastest-growing area of cybercrime has developed into a $1 billion-a-year industry complete with customer care departments set up to secure payments from victims of ransomware attacks.
“This has encouraged setup of new criminal startups that make millions of dollars within months before being closed down to protect the masterminds from arrest,” said Ravi Raman, SVP – Security Intelligence and Analytics, Paladion. “In the last couple of weeks we have seen the newspapers splashed with news of organisations, businesses and individuals been taken hostage by ransomware attacks. Both individuals as well as organisations are at risk today. The perpetrators have moved away from random attacks to targeted attacks on organisations.”
Ransomware, as the name suggests, is a type of malware that encrypts data on your system and demands ransom for decrypting it. Advanced 128 to 256–bit encryption algorithms are used to encrypt data. In most cases, decryption without the key is not possible. Affected parties are paying up – data for such organisations and individuals is very valuable and losing it is not an option.
The concept of extracting money from affected people and organisations has worked as data is important and is a lifeline. Once the perpetrators have tasted “blood” in terms of getting paid, it can always be assumed that there would be no let up. The Middle East region is now susceptible to more targeted attacks than ever before.
Ransomware has grown beyond Windows-based personal computers to smartphones, Mac and Linux systems, with attackers increasingly seeking any network-connected device that could be held hostage for profit. The UAE witnessed a 44 percent year-on-year increase in the number of ransomware attacks. Ransomware has gone through several improvisations over the past year or so – each variety of Ransomware designed to be more dangerous than the previous one.
“To detect such staged attacks, an organisation has to invest on tools that will enable it to run data science and machine learning models that can detect patterns from the network data,” said Raman. “Tools that rely not just on malware signatures but on other concepts such as Indicator of Compromises (IOCs) to detect them; tools that can quickly scan your network / end points for any typical compromises that you suspect may have occurred; tools that can scan for rouge browser plugins; tools that can detect C&C user accounts that could be used by malwares to piggybank on; and tools that can check for unused services that the malwares can morph into. The good news is that such tools are available. You will need such tools to prevent ransomware attacks. We need to be geared to protect ourselves from such threats when the stakes are high. Game changing threats need a robust multi-pronged strategy for effective protection.”
