The world today is full of unlimited business opportunities. We all operate in digital era to perform business operations (by Connecting people, enterprises, Smart Cities, systems, LOT, Utilities, Smart Grids/Meters, Big Data and Analytics and SMAC across the globe). We follow standard operating procedure defined during Stone Age without giving due diligence on the upcoming threat landscape.

 

This post is informative in nature and will help people who think cyber-attacks are not meant for them or they will never get affected due to either nature of their business or scale of their business. Be prepared, you can be the easy Target!!!

 

I would like to share a true incident happened in Non-IT organization which resulted big havoc and made complete operation at stand still for few days. Million dollar loss!!!

 

It was a normal day, when I received a call from my friend requesting some help since I understand security operations. I casually enquired the reason behind; however I felt he was little hesitating. During conversation, he mentioned that his customer is facing major issue due to malware attack and he requested my help to rescue. On his request, I agreed to socialize with the customer. Let me narrate the complete conversation-

During conversation, I came to know that he is heading the IT operation and seems to be in a deep problem. Initially, he was hesitating in sharing the issue due to company reputation and market share. However, based on my assurance he stated to me that the complete IT operation is stop due to malware attack. With the deep breath, I asked him more detail on the behavior of malware and the issue so that I can suggest mitigation plan. According to him……

 

  1. Touching lives of millions across India, Asia, the Middle East, Europe, Africa and America. 
  2. The malware has encrypted all the business operation devices and asking for money to decrypt the file system.
  3. The files are encrypted with .AAA extension.
  4. Not sure how many system are infected and will infect
  5. Antivirus solution is not protecting… Antivirus clam to be zero-day exploits
  6. Local vendor who is supporting the operation is not commitment to handle security incident.
  7. We can’t align with CERT-In (Indian - Computer Emergency Response Team) to report and to take their concurrence and advice due to company reputation. 

 

With the deep breath, I understood the complete issue. It was an “Encrypted Ransomware” attack. A Highly-Profitable Evolving Threat!!!

 Okay, let me brief you exactly how it functions.

Ransomware, as terms says it’s related to ransom; however in current circumstance it’s related to Digital Ransom”. In the current context attacker has encrypted the digital information and asking Ransom money to rescue/decrypt the data so that it can be used for business operation. It’s a big call which customer has to make, considering

 

  • How to make business operational with no impact on business and Market share
  • The impact of encrypted file. Data Restoration, if we plan to delete everything 
  • How many system affected due to self-replicating behavior
  • Do we have any controls to identify the Source of the attack  
  • When it was infected, since many malicious code remain undetected due to APT behaviors.
  • What would be the impact on company reputation, if the Ransom is paid
  • How we can safeguard considering attacker might have key to our network
  • How to mitigate the same incident again

 

Before Business takes a call on the above alarming question, let’s understand little more on how it works and how it’s impacting the users across the Globe.

 

Ransomware can exhibit worm-like behavior and can remain undetected. The ransom leverages removable and network drives to propagate itself and affect more users. There are many forms of Ransomware someone of which has destructive nature i.e. they are designed with automated counter, once reached the threshold it will start deleting the files. If you restart the computer or try to stop its services, it become more disruptive and may delete 1000 of files. Ransomware Boss (In IT Terms, can be referred as a Program Head) will establish the complete program like a project J.The leader (In IT Terms can be referred as a Technical lead) is recruited from 10 to 15 affiliates that supported him in spreading the ransomware via:

  1. Botnet installs
  2. Email and social media phishing campaigns
  3. Compromised dedicated servers
  4. File-sharing websites

 

Let’s understand the market analysis so that we can Say “No to Digital Threat in cross connected ecosystem” 

 

Facts

Revenue   Business from Ransomware

  • Half of the users can’t accurately identify ransomware
  • Half of the victims are willing to pay up to $500 to   recover encrypted data. This means according to the graph; there are nearly   200K infected users. If half of them pay 500 USD, it makes a total of 50,000,000   USD!
  • Personal documents rank first among user priorities.
  • UK consumers would pay most to retrieve files.
  • US users are the main target for ransomware.
  • Indian Users are also   targeted; however never reported.
  • One of the most interesting aspects of ransomware campaigns is   that they could also be very profitable for small gangs without specific   skills.
  • A ransomware-as-a-service campaign operated by a Russian gang   since December 2015
  • The gang requested the victims a payment of a $300 fee to rescue   to encrypted files, the communications with the victims are handled directly   by the boss.
  • 93% of phishing emails are now Ransomware

 

 8669810489?profile=original                                                                    

 

Growth of Encrypted Ransomware Q1 2016

8669810288?profile=original

    

 

 

The best preparation for tomorrow is doing your best today. In my next post, I will be guiding on developing holistic approach on how to battle with Ransomware proactively to avoid massive destruction along with Mitigation approach. Till then stay safe!!!

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform