In April 2017, an elite group of hackers called the Shadow Brokers leaked highly classified National Security Agency (NSA) hacking tools onto the dark web, including one that used malicious software and had the ability to exploit the SMB protocol in Microsoft Windows. On May 12, cybercriminals used the leaked tool to hack more than 200,000 computers across 150 countries, resulting in billions of dollars in losses. WannaCry officially put ransomware on the map.
Cyberattacks are notoriously difficult to prevent because of the changing nature of cyber threats. Businesses and consumers are no longer being taken down by traditional viruses, but rather by zero-day vulnerabilities and polymorphic malware, which constantly mutates in order to evade detection.
A number of market conditions are fueling the growth of ransomware attacks from an attacker’s standpoint, according to Antonio Challita, director of product management at CyberSight, a cyber security intelligence platform with dedicated anti-ransomware software called RansomStopper.
“Over the past few years, we’ve seen the growth of ransomware as a service (RAAS), through which cyber criminals can purchase ransomware and organize a revenue share with the malware author once the victim pays the ransom,” Challita told Insurance Business. “This enables attackers to distribute their ransomware much more broadly and enables criminals to cash in on ransomware action without having to know too much about the technical aspects of attacks.
“Secondly, digital currencies – also known as cryptocurrencies – are gaining traction around the world. Led by Bitcoin, cryptocurrencies have crossed the chasm and entered mainstream conversations. From a cybercriminal’s perspective, Bitcoin [and other cryptocurrencies like DASH and Monero] offer two major benefits: pseudo-anonymity, which makes it harder for law enforcement to trace, and the convenience of collecting payments without having to go through a central banking authority. This makes cryptocurrency an attractive mechanism to handle ransomware payments.”
CyberSight’s RansomStopper has been designed to prevent, rather than reactively detect, modern cyberattacks. It uses behavioral-based machine learning algorithms, which CyberSight is constantly updating, to detect, prevent and stop ransomware, regardless of how it arrives on a device. It’s an affordable, subscription-based SaaS solution that can be deployed worldwide.
“Our solution can help businesses of all sizes protect their up-time and guard against business service disruption. We’re positioning ourselves as an option to help firms prevent, detect and stop a cyberattack. Insurance companies are adding an additional layer of protection so that if an attack does get through, businesses have some liability and financial assurances to support them through the recovery process. Our services are complementary in terms of producing a better all-round cyber security solution,” Challita added.
As cyber security firms get better at preventing and detecting ransomware strains, malware authors are fighting back with new, highly complex methods. For example, a new variant of the SamSa malware includes password protection for its malicious code, which makes it very difficult for security researchers to reverse-engineer the code.
“Ransomware is also targeting other types of devices in addition to PCs and servers,” said Challita. “As time goes on, we expect ransomware to target devices like robots, connected cars and devices connected by the Internet of Things. This is a serious threat we expect to emerge by 2019 or earlier.”