OPINION: Read This or the File Gets It
Pre-packaged ransomware hacks from the Dark Web has lowered the barrier to entry for cyber-crime and upped financial institutions cyber-security risk significantly.
Instead of hackers authoring their malware attacks, many ‘hackers’ just need to spend $50 and agree to turn over a small percentage of the ransom to the ransomware retailer, who then creates a custom payload and handles typical bitcoin-denominated ransom.
There are now more than 120 different families of ransomware, the BBC reported in early May.
Last year alone, the Federal Bureau of Investigation logged 2,453 ransomware-attack complaints to its Internet Crime Complaint Center.
Most of the ransomware attacks use the same attack vectors as other cyber-attacks- phishing emails, webpage redirects to dodgy sites and infected email attachments.
Typical ransoms are only a few hundred dollars since many hackers want the ransoms to be small enough that the victim would pay it, but large enough so that it makes economic sense for the cyber-extortionist.
However, some hackers have set their sites on bigger targets with deeper pockets.
Off all the ransomware attacks reported to the FBI in 2015, each averaged an approximate $650.
Kansas Heart Hospital was not so lucky when a ransomware attack encrypted a good amount of their files. The hackers first issued a demand for $3.4 million, but the hospital negotiated the ransom down to $17,000, which it eventually paid.
Imagine what hackers would as from an asset management firm.
Hackers are also adopting a “kill a hostage” approach if their victims do not meet their demands by a specific deadline. This strategy further limits what firms can do to mitigate the damage from such attacks.
Law enforcement’s best advice to ransomware victims is to buck up and pay the ransom, which means having access to a ready supply of bitcoins.
More on Cyber-Security:
CLS Bank veteran Vas Rajan to start on March 1.
Options industry group navigates technological and regulatory change.
The technical standard ensures a certain level of security is applied.
The best practice paper takes a behavioural approach.
Regulator dashes the hopes of market participants who lobbied for a stay.