Apparently the crap hit the rotary impellor this week. A malware creator or team got their hands on some heavy duty cracking software from the NSA and combined it with a mediocre ransomware code to create a monster.
For whatever reason, ransomware is now big news.
With the exception of the use of the NSA software exploits, the ransomware itself seems to be pretty normal. That’s been the problem all along. Once these powerful tools like the NSA tools and the AES encryption get out on the net the chance that inexperienced amoral people who are have just enough skills to dangerous get their hands on them and chasing the idea that they can use the tools to get rich, wreak havoc far out of proportion to the money they actually collect.
I’ve been saying all along in this series that ransomware creates a new order of problems for computer users and security people. The typical damage caused by the encryptor to a network or system far outweighs the amount in ransom paid. The problem is that even if the decryption works, something that is NOT guaranteed, the error rate of badly created encryption software is high enough to cause significant losses. When it comes to institutions like hospitals, that can mean lives. Until ransomware is treated with the same intensity of some of the other things on the dark net, the mess will only get worse.
The week in ransomware: