Malware Is an International Problem

This is a post series on cyber crime. For more posts click here or the cybercrime tag below.

Check out this archive of a search on Twitter for “crypz.”

https://archive.is/Wxiht

This is what happens when you let stuff like this go on. Pretty soon everybody starts to get hit. These guys are always looking for new targets when the old ones get wise. Next it seems to be gamers.

New TeslaCrypt Ransomware Targets Gaming Files

The gaming industry can become the next big target of cybercrime

When the only option is capitulation and even that has high probability of not working, what recourse do users have anymore?

“The attack encrypted files that contained team-critical information worth millions of dollars. Their options were either pay the ransom or ignore it and devote approximately 1500 man-hours to recreating the encrypted data. They had two days to pay the ransom; they had to have their No. 95 car at the racetrack for the Duck Commander 500 in a day and a half. Circle Sport-Levine Family Racing is one of NASCAR’s charter teams which means they were guaranteed a spot in the race, but without the data in the encrypted files they would have been competing at a crippling disadvantage. They paid the ransom.”

Like many who use the internet, Winston and his team did not have a clear understanding of ransomware before they were attacked. They knew it was some kind of bad internet thing but, like most people, they assumed it was the kind of thing that happened to somebody else. Winston described what it’s like when the bad thing happens to you.

http://www.forbes.com/sites/kevinmurnane/2016/06/24/malwarebytes-puts-nascar-team-back-in-the-drivers-seat-after-a-ransomware-attack/#55d553983163

Yes, they got additional security after the attack. That may not help the next one though, because there’s always a window of vulnerability as each new flavor of these things comes out.

The crooks try to target groups that might be vulnerable to the coercion of the attack, so that they are more panicked and willing to pay up. Essentially the only way to stop the attacks is to shut them down before the problem snowballs.

http://www.businessinsider.com/doj-and-dhs-ransomware-attacks-government-2016-4

Which is happening even as we speak. When things go from holding for ransom to destruction, it’s not going to end well.

Ranscam doesn’t care if you pay the ransom

Since I started this series after getting hit last month, I’ve looked for something, anything, that would tell me that there is some sense of correcting things or a light at the end of the tunnel. Instead, it looks like the trend is toward higher fences, anarchy and turning the internet into an electronic Somalia as I’ve been watching. What I’ve found interesting is that the people in charge of making things more secure don’t seem to see this coming. It’s rapidly reaching the point of disaster.

Kaspersky Security Bulletin 2015. Overall statistics for 2015

“Malware Mania” is back with a vengeance, creating havoc for organizations of all sizes and in all industries. Cyber criminals have morphed their attack methods with the resurgence of macro malware and encrypting ransomware to evade traditional antivirus and sandbox defenses. As a result, cybersecurity teams are scrambling for a more effective way to deal with these shocking realities:

  • 2,500 cases of ransomware costing victims $24 million in the US alone were reported to the Internet Crime Complaint Center for 2015 (Turkel, 2016)
  • 500+ malware evasion behaviors are being tracked by researchers used to bypass detection (Kruegel, 2015)
  • 10 is the average number of evasion techniques used per malware sample (Kruegel, 2015)
  • 97% of malware is unique to a specific endpoint, rendering signature-based security virtually useless (Webroot, 2015)
  • 15% of new files are malicious executables (Webroot, 2015)
  • 98% of Microsoft Office-targeted threats use macros (Microsoft, 2016)
  • 600%+ increase in attachment-based vs. URL delivered malware attacks from mid 2014 to 2015 (Proofpoint, 2015)
  • 50% increase in email attacks where macros are the method of infection (Tim Gurganus, 2015)
  • 390,000 malicious programs are registered every day by AV-Test Institute (AV-TEST, 2016)
  • 19.2% potential increase of detecting malware simply by adding a 2nd AV to your existing email security, while structural sanitization can help eliminate macro malware threats (Clearswift, 2016)

https://www.clearswift.com/blog/2016/05/24/10-shocking-malware-and-ransomware-statistics

Until such time as these people are caught and publicly destroyed, this isn’t going to stop. Every user on the internet has skin in the game to make that happen. Until it does, everybody and anybody can be a victim and get their lives fouled up. And things are only going to get worse unless we users demand that the darknets play by the rules and help shut these people down.