Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Ransomware Is Not a “Malware Problem” – It's a Criminal Business Model

Ryan Olson, Unit 42 Analysts, Palo Alto Networks | May 13, 2016
Ransomware has existed in various forms for decades; but, in the last three years, criminals have perfected the key components of these attacks.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

Today Unit 42 published our latest paper on ransomware, which has quickly become one of the greatest cyberthreats facing organizations around the world. As a business model, ransomware has proven to be highly effective in generating revenue for cybercriminals in addition to causing significant operational impact to affected organizations. It is largely victim agnostic, spanning the globe and affecting all major industry verticals. Small organizations, large enterprises, individual home users - all are potential targets.

Ransomware has existed in various forms for decades; but, in the last three years, criminals have perfected the key components of these attacks. This has led to an explosion of new malware families, which make the technique work, and drawn new actors into participating in these lucrative schemes.

To execute a successful ransomware attack, an adversary must be able to do the following:

1.     Take control of a system or device.

2.     Prevent the owner of the controlled device from accessing it, either partially or completely.

3.     Alert the owner that the device has been held for ransom, indicating the method and amount to be paid.

4.     Accept payment from the device owner.

5.     Return full access to the device owner after payment has been received.

If the attacker fails in any of these steps, the scheme will be unsuccessful. While the concept of ransomware has existed for decades, the technology and techniques required to complete all five of these steps at a wide scale were not available until just a few years ago. The resulting wave of attacks using this scheme has impacted organizations all over the world, many of whom were not prepared to prevent these attacks from being successful.

The paper we released details the history of ransomware and how attackers have spent many years trying to get this business model right. We also delve into what we can expect from future ransomware attacks, which includes the trends that follow.

1. More Platforms

Ransomware has already moved from Windows to Android devices and, in one case, targeted Mac OS X. No system is immune to attack, and any device that an attacker can hold for ransom will be a target in the future.

This concept will become even more applicable with the growth of the "Internet of Things" (IoT). While an attacker may be able to compromise an Internet-connected refrigerator, it would be challenging to turn that infection into a revenue stream. But the ransomware business model can be applied in this or any other case where the attacker can achieve all five steps for a successful ransomware attack. After infecting the refrigerator, the attacker could remotely disable the cooling system and only re-enable it after the victim has made a small payment.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.