The Evolution of Ransomware
by Michelle Krasniak
Ransomware is a type of malware that, when deployed, encrypts files on a victim’s computer until a ransom is paid. Historically, organizations could keep their data relatively safe by using a traditional backup process. That wouldn’t necessarily stop the bad actors from trying to take over the data; it just meant the organization could possibly recover the data taken hostage without paying the ransom.
Just because a ransom is paid, however, doesn’t mean that the organization is free and clear of any detrimental effects from the attack. In fact, a recent study by Cybereason titled “Ransomware: The True Cost to Business” found that 80 percent of victims surveyed who submitted a ransom payment experienced another attack soon after the initial attack, and of those, 60 percent still experienced revenue loss and 53 percent suffered damage to their brands.
Ransomware itself is not a new story. The first recorded instance of ransomware targeted the healthcare industry in 1989. In that attack, an AIDS researcher distributed 20,000 infected floppy disks to people at the World Health Organization's AIDS conference. What is new in this story is the evolution from ransomware to extortionware.
Over the last three decades, hackers have honed their craft into what is now being called extortionware. Extortionware is the bigger, badder older brother of ransomware. With ransomware, the hackers provide a decryption key once the ransom is paid, thereby returning access to the data. Theoretically, the attack is complete at that point, and everyone goes on their way, the hackers with fatter wallets and the victim organization flush with hard-earned lessons in cybersecurity.
Extortionware takes it a step further; even if you pay the ransom, there are no guarantees that you’ll get all your data back or that your data won’t be “used against you” in the future, to extort more money from you. There’s no honor among thieves, after all.
Unfortunately, like all cyber threats, both ransomware and extortionware can have disastrous effects on your third-party ecosystem. For example, in April of this year Apple fell victim to a ransomware attack that leveraged one of their third-party suppliers as a proxy. The attackers exfiltrated data about unreleased Apple products and demanded a $50 million ransom to prevent the disclosure of the data. This example illustrates the importance of understanding and managing the risks that we inherit from the myriad third parties used every day to process, transmit, and store our most valuable data.
To fight ransomware, companies need a methodology that combines a wide range of security safeguards with a modern approach to third-party cyber risk management, including threat intelligence and comprehensive data analytic capabilities. If you’d like to hear cybersecurity practitioners discuss how a data-centered approach is the most effective in the fight against ransomware and extortionware, join us at Black Hat USA on Wednesday, August 4th at 12:40 p.m., where our CISO Dave Stapleton will lead a discussion called, “Extortionware: Ransomware’s Bigger (and Meaner) Brother” with special guest Tim Chapman, Director of Security Assurance, ADP.
To learn more about how CyberGRX can help you manage your third-party cyber risk, request a demo today.