Tim Ismilyaev, CEO & Founder of Mana Security speaks on how hackers work and what minimum protective measures everyone should implement on their personal computers.
The G7 countries have banded together against ransomware hacking attacks on schools, hospitals and companies. During the pandemic, this number of attacks only intensified. Representatives from seven countries: Canada, France, Germany, Italy, Japan, the United Kingdom and the United States have said they will be sharing information related to such threats, including financial information, cyber tactics and procedures, to guide and coordinate actions. Of particular concern to G7 representatives is the fact that criminals often demand ransom payments with virtual assets.
Criminals in 2012 gradually started to switch focus from stealing money to demanding a ransom for “kidnapped” data. Financial institutions have been actively combating cyberattacks for a long time. These efforts have several vital results:
- An increased maturity of financial institutions’ defense systems.
- Popularity of insurance.
- Increased competition among hacker groups. It significantly increased the cost of attacks and motivated crooks to look for other victims.
On the other hand, ransomware is a highly marginal business–attackers make at least 9-digit sums annually from victims’ payouts with at least 1000% ROI. Those figures skyrocketed in the last five years and are still growing with insane momentum without a chance to stop in upcoming years.
Like any other business, ransomware creators’ profits equals revenue minus costs. The costs of building and shipping of ransomware are meager. The source code of popular ransomware is either publicly available or costs very little on dark markets. Distribution is very cheap as well. And due to most people having files which they don’t want to lose or expose – tons of photos, corporate files, cryptocurrency wallets, etc., – they ought to pay the ransom.
Typical ransomware software spreads via four channels:
- Unpatched security vulnerabilities in victims’ software. These regularly are most dangerous because some vulnerabilities even don’t require any interaction from victims. For example, an exploit called Eternalblue, developed by NSA and leaked later by an anonymous group, just needed a victim to be connected to the same Wi-Fi network. It was enough to capture control over any Windows machine if it didn’t receive the last software update from Microsoft.
- Emails with malicious attachments. Usually, it’s an unexpected letter that mimics some legitimate service or person: a new tool from a tax agency to calculate taxes, a password recovery procedure from Google, or a job description in Microsoft Word document from an HR manager. After you open the attachment, the rest is a matter of time.
- Cracked software. There are no good guys who crack software for free, so almost all cracked software has backdoors, which authors later resell on the dark market.
- “Man in the middle” attack. Some websites don’t provide SSL encryption, so attackers can add arbitrary software on these websites and stay unnoticed. For example, Bad Rabbit ransomware embedded a fake Adobe Flash player and gained full control of a computer after installing.
Why People Can’t Tackle This Issue And How To Fix It
I outline two factors that affect this issue: lack of basic cybersec knowledge and lack of motivation to apply these rules “in the wild.” The former includes simple rules:
- Update apps and operating system within the first seven days after a release.
- Don’t use cracked software and install apps only from a native app store.
- Train yourself to spot phishing emails. There are many articles and quizzes on the internet on how to accomplish it.
- Use binary whitelisting software like Google Santa on macOS and AppLocker on Windows. Even if you accidentally try to run ransomware on your computer, the binary whitelisting app will prevent it from happening and would ask you to add this app to exceptions.
The challenge is to use these rules all the time. People don’t get hacked every day, so they start to think, “OK, I can ignore these rules for a while; I have a job to do right now!” and stay exposed to hackers for days or months. The trick is that we don’t know when we’ll face an attack, so it’s crucial to follow the rules strictly.