This is the final post in a series from the Comstor Federal Summit (#ComstorFS17). Bryant G. Tow spoke to Cisco leaders, Comstor partners and value-added resellers (VARs) about the key security risks for federal agencies. In an earlier post, we focused on weak passwords. In this post, we delve into the second of two primary cybersecurity threats for the federal government: ransomware.
There are three things that every agency and company has that are attractive to cybercriminals – bandwidth, processing power and storage, according to Bryant G. Tow, Managing Partner of CyberRisk Solutions.
“Many of my clients ask ‘What do I have that they would want?’ and that is my answer,” Tow explained. “Cybercriminals can use your digital assets to do any number of things, which is why they are getting more and more sophisticated in the ransomware market.”
In the past, ransomware was focused on storage only, but now it is expanding into a focus on bandwidth and the availability of systems. “Frankly, cybercriminals are just looking to see where they can raise your heartbeat and get you to pay what they want you to pay,” he said.
Tow explained that most of us picture a machine that has been compromised in this way: All the files have been encrypted and a little box pops up with a ransomware message. “Then you envision the Southwest Airlines, ‘Do you want to get away?’ commercials,” he said.
In fact, cybercriminals have become much more dangerous. Tow shared that a financial client was “held hostage” for ransomware in a different way.
“This client never wanted to do anything until there was a compelling event, but when they got ransomware for a couple of their databases, it was unique,” he said. “The criminals didn’t want to hold onto their systems. Rather, they uncovered a Distributed Denial of Service (DDoS) vulnerability in their web presence and were threatening to use it against them.
“This company was providing a wide variety of financial and securities market information on numerous popular websites and was, therefore, very prominent. An outage on any of these websites would be absolutely devastating.
“The ransomware was set at $300,000 USD, and the cybercriminals said, ‘Oh, by the way, we are going to take one channel down from noon to 1 EST today,’” Tow explained. “The channel went down at noon. At 1:01, it popped back up. This attack wasn’t about holding files for ransom. It was about protecting a business reputation.”
As cybercriminals become more sophisticated, they are offering ransomware-as-a-service to potential criminal clients who only need to go to the Dark Web and sign up for a service that includes a payment method, distribution and the actual code itself.
“Cybercriminals have set up sophisticated ransomware-as-a-service sites, at which, for 5 percent of your profits, they will put you in the ransomware business,” Tow explained. “We know of a half dozen or so. When you log in, you pay $50 to access the site (which is applied to your purchase later) and they direct you to a tool with a management dashboard that shows you where all of your ransomware campaigns have been installed, tells you who has paid, provides a management console, etc.
“Today, they even offer customer service to help you set up your bitcoin accounts!” Tow said. “They have help desks too. This is a billion-dollar industry; they have put thought into end-user experience. Some have gone so far as to offer chat support.”
Luckily, though, as Tow pointed out, much like computer viruses, ransomware will fall out of favor because it has very specific properties in how it works and solutions for it are quickly being created.
“Sooner or later, it won’t be a $1B industry because as the anti-ransomware solutions are deployed, the business will no longer be as lucrative and the bad guys will say ‘What’s next?’ They have to innovate and evolve,” Tow said.
Bad guys follow the exact same models as legitimate businesses, so the issue will become “What’s next?” for organizations, too.