The second conclusion is more concerning: why aren't the authorities doing more about scams that should be relatively easy to disrupt?
"In this report, we have clearly demonstrated that peeling the layers behind the financial infrastructure of ransomware is achievable and such investigations could be a powerful tool if undertaken by the appropriate authorities," noted the report, acidly, before throwing a punch. "We believe one of the reasons ransomware is thriving is the lack of action from law enforcement agencies."
Likely, police forces see studying the mechanisms used to execute crime as beyond their resources, regardless of how easy it looks from the outside. It's also the case that police forces are attuned to solving crimes and that if no crime is reported (which it likely won't be when a ransom is quietly paid), then there is nothing to investigate. Victims are almost certainly spread out across the developed world and even supra-national bodies such as Interpol find this hard to track.
"It is safe to assume that proceeds from the ransomware are funding other nefarious activities. 'We don't negotiate with terrorists, but we will let anyone rob you as long they use ransomware' pretty much sums up the FBI's current stance. How long before some major threat/attack gets linked to gains from ransomware? Maybe then action will be prompted," said Imperva.
The advice for business who haven't got the prevention memo remains much the same as it's always been.
CryptoWall 3.0 - prevention is better than an empty wallet
- Don't rely on anti-virus software alone to protect computers. Many programs aren't up to the job not least because criminals make sure their attacks can beat most or all of them before they are launched.
- On the contrary, use some kind of file monitoring can delay or block this kind of attack. Ransomware targets files so if a lot are being opened on a machine this is a red flag.
- Employ regular backup and remember that file synchronisation systems such as Google Drive can be infected and are not a substitute against ransomware.
- Deploy email security, if necessary quarantining attachments or even disallowing them altogether for most users. Most ransomware attacks still exploit the incredibly weakness of email security is many organisations.
- Individuals should consider specific tools and advice when working out how to defend themselves.
Sign up for CIO Asia eNewsletters.