Good Ransomware Defenses Might Not Be As Complex As You Might Think

Good Ransomware Defenses Might Not Be As Complex As You Might Think

Ransomware seems to be getting the lion’s share of the press in the security world in the first half of this year. An NBC news story reported that  in the first three months of 2016, attacks increased tenfold over the total entire previous year, costing victims more than $200 million. These are known attacks.   NBC News. Multiple hospitals have been hit by and have paid ransomware.  A May 2016 article in ARS Technica  mentioned that there is was a new strain of crypto-ransomware that was targeting the healthcare industry Health care networks in ransomware outbreak

On an individual level, there is no agreement as to what individuals hit with ransomware should do. FBI’s cybercrime chief in Boston, Joseph Bonavolonta, told a gathering of cybersecurity experts, “To be honest, we often advise people just to pay the ransom.”. At the other end of spectrum, from an article in the Finance section of Yahoo, “All of the experts agree that the average person should never pay the ransom — even if it means losing their files. Doing so, they say, helps perpetuate a criminal act and emboldens ransomware makers. Even if you do pay up, the ransomware could have left some other form of malware on your computer that you might not see. In other words: Tell the criminals to take a hike.”  A bit extreme. “All” is a strong word.   People who have not backed up data, photos, et cetera, will not scream, “Take a hike.”  What to do – Yahoo

Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication”  ― James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology

Engin Kirda, Lastline Co-Founder and Chief Architect, presented a talk on Most RansomwareIsn’t as Complex as You Might Think at the 2015 Black Hat Conference in Las Vegas.

Among his thoughts: One interesting fact about ransomware is that compared to other types of malware out there, it is actually easier to defend against it in many cases. First, ransomware actually tells you that it has infected you. This is a major advantage from a defense point of view because you at least know that something has infected your computers. Other malware families do not typically do this and often, you don’t know that you have been infected for many months. Second, if you keep to standard, good security practices (e.g., regular backups, security updates, use of an advanced malware protection technology), the effect of ransomware is significantly reduced. In fact, if you have a good backup strategy, the fact that you have been hit by ransomware might be an advantage as it might point to weaknesses in your defenses without a major damage. In contrast, having being hit by stealthy malware (e.g., a more targeted attack that aims to leak out sensitive information) might have much greater consequences.

Not everyone is predicting that it will be “Everything ransomware” in 2016.  Wired Magazine, for example, is talking about Extortion Hacks, Hacks that change or manipulate data, Chi and pin innovations,  and the rise of the IoT Botnet as being  the attacks of 2016 Wired threat predictions 2016

Meanwhile, in the US Senate, “Fighting ransomware at an international level will require cooperation between law enforcement and State Department,” said  Sen. Lindsey Graham, at a Senate hearing.  Treat Sponsors Of Ransomware Campaigns As Terrorists.