When you think of ransomware, you probably picture the people behind these malicious exploits as basement-dwelling, hoodie-toting, socially reclusive hackers. Or maybe you think of big bad cybercriminals within an anonymous organized crime network. But the truth of the matter is that ransomware is not as elusive and complex as you may have believed. It is one of the most accessible pieces of malware, and it can be bought and sold as long as you know how to get to it. And getting to it isn’t nearly as difficult as you may have perceived.
Ransomware is a big hype word right now. People know it’s scary, and they know that it’s capable of wreaking havoc, but they don’t think it is going to happen to them. It seems like a tool to target big businesses to get large payoffs; however, the people using these viruses do not usually have such grand schemes in mind when letting their malware loose on the internet. More money can be made by targeting hundreds of smaller targets, such as individuals or small businesses that do not have access to high-level tech people and are willing to pay a ransom to get back important data like pictures or documents. To understand why this is, we need to look at what the ransomware culture has turned into.
Accessing the Dark Web does not require the skills of weathered veteran hackers. All you need is a TOR (The Onion Router) Browser, a good VPN, bitcoins, and a basic understanding of the Dark Web. There are websites on the Dark Web similar to eBay or Amazon. AlphaBay was one example, although the entire site was seized in July 2017 by the Dutch Police in a large sting operation. There are many others available that provide completely anonymous trading of goods, and this includes ransomware.
Ransomware has gained in popularity because there is so little risk involved in using it, and the payoff from successfully trapping people with this malware is large. In these Dark Web marketplaces, non-technical people who don’t know a thing about malware engineering can find services that create the ransomware for them.
One example of RaaS (Ransomware as a Service) is Satan: a Dark Web ransomware generator that lets low-tech criminals buy auto-generated pieces of ransomware for their own personal use. Each piece of malware created is significantly different from the others, so that anti-virus software that has blocked other Satan-generated ransomware will not block a new one. However, auto-generated malware has its flaws, and while some customers report the ransomware functioning perfectly fine, others end up paying for a defective product that doesn’t net them any money. The creators collect royalties on malware you use, taking some of the profits you earn for themselves. This means that anyone who has enough bitcoin can buy a version of Satan by doing as little as filling out a form.
To go a step further, many malware vendors offer technical support to customers who can’t seem to get the virus to execute properly. This means someone who has no clue what they’re doing can potentially target you with their new store-bought ransomware.
If you are suddenly feeling a lot more insecure about your safety on the internet, I wouldn’t blame you, but there are steps you can take to protect yourself against getting caught in an attacker’s web.
Preventative Steps against Ransomware:
- The first is to remember that ransomware cannot magically appear on your computer; you will be a key player in your own demise if you manage to get infected with one of these pieces of malware.
- The most common way of getting infected is through clicking false links or attachments in phishing emails. When you receive emails from companies or co-workers that seem out of the blue, odd or unnecessary, do not click the links or attachments in them. Call the co-worker who appears to have sent the email to confirm they did send it, or notify your IT department or MSP to have them check out the email to ensure it’s safe.
- Keeping backups of your data is the best way to thwart a ransomware attack, though. Having your data stored in a cloud or off the network means you take the power away from the attacker. You have no need to pay a ransom if you can have your data back in a few hours, and the attacker gets nothing.
- You can also report the attack to your local authorities or the FBI. Letting law enforcement know can help in the fight against this epidemic.
Twinstate Technologies provides offensive and defensive services to help businesses guard against ransomware, working with leading partners like Sophos. Contact us today for a complimentary Discovery Call and be on your way to protecting your business. We offer a number of solutions for every budget.
Originally published on 08/11/2017