Much ado about the ransomware scourge

FTC to hold public workshop on what to do about the growing ransomware blight

much-ado-about-the-ransomware-scourge
Credit: Keith Hall via Flickr

The Federal Trade Commission said it will hold a public workshop about all things ransomware on Sept. 7.

“With alarming frequency, ransomware hackers are sneaking into consumer and business computers, encrypting files containing photos, documents and other important data, and then demanding a ransom in exchange for the key needed to decrypt the files. Consumers, businesses, and government agencies are falling prey to these schemes, including hospitals whose servers may contain sensitive patient data. New forms of ransomware encrypt files of website operators, threatening not only their files containing stored data, but the very files needed to operate their websites. Other variants of ransomware are now targeting files on mobile devices,” the FTC wrote.

+More on Network World: FBI/FTC: Watch those e-mails from your “CEO”+

The workshop will feature presentations from Cisco Talos, PhishLabs, and Flashpoint. Another panel will examine the best defenses against ransomware, and will include FTC Chief Technologist Lorrie Cranor along with representatives of Cylance, Red Canary, Symantec and Children’s National Medical Center. Another panel will consider how victims should respond to a ransomware hacker’s demands and include representatives from the FBI, Sylint, and PricewaterhouseCoopers and Charles River Associates.

The FTC said its Ransomware workshop will address questions such as:

  • How do ransomware extortionists gain access to consumer and business computers?
  • What role can consumer and business education play in preventing ransomware infections?
  • Are there steps consumers and businesses should be taking to reduce the risk of ransomware or to decrease its impact?
  • Are there technological measures that computer operating system and web browser designers can take to prevent ransomware?
  • Are there browser plug-ins or other tools that consumers and businesses can employ that will warn if their data is about to be encrypted?
  • What can be learned from criminal law enforcement’s efforts to combat ransomware?
  • If you fall prey to ransomware, should you pay the ransom?
  • If you pay the ransom, how likely are you to receive the decryption key and be able to view your files?
  • What happens if you don’t pay the ransom? Are your files lost forever?

The event will take place at the FTC’s Constitution Center offices, 400 7th St SW, Washington, DC, and will begin at 1 p.m. and continue until 4:30 p.m. A full schedule and other details on the forum can be found on the event’s webpage. The event is free and open to the public.

Ransomware is only going to get worse. Cisco recently said enterprise-targeting cyber enemies are deploying vast amounts of potent ransomware to generate revenue and huge profits – nearly $34 million annually according to its Mid-Year Cybersecurity Report out this week. Ransomware, Cisco wrote, has become a particularly effective moneymaker, and enterprise users appear to be the preferred target.

“Defenders are not protecting systems in a way that matches how attackers do their work. Although defenders have evolved their strategies and tools for fighting online criminals, attackers are still permitted far too much unconstrained time to operate,” Cisco wrote.

“We expect the next wave of ransomware to be even more pervasive and resilient. Organizations and end users should prepare now by backing up critical data and confirming that those backups will not be susceptible to compromise. They must also ensure that their backup data can, in fact, be restored quickly following an attack. For enterprises, restoration can be a major undertaking; therefore, being proactive about identifying potential bottlenecks is essential. Organizations should also confirm that known vulnerabilities in their Internet infrastructure and systems have been patched,” Cisco wrote.

Cisco security researchers said they anticipate, based on trends and advances observed to date, that self-propagating ransomware is the next step for innovators in this space—and urge users to take steps now to prepare.

Some of the major findings from the Cisco report include:

•On the horizon: faster and more effective propagation methods that maximize the impact of ransomware campaigns and increase the probability that adversaries will generate significant revenue.

•Exploit kits, which have helped ransomware to become such a prominent threat, continue to take advantage of Adobe Flash vulnerabilities. In Cisco researchers’ recent examination of the popular Nuclear exploit kit, for example, Flash accounted for 80%of successful exploit attempts.

•Vulnerabilities in the enterprise application software JBoss are providing attackers with a new vector that they can use to launch campaigns such as ransomware. Cisco research shows that JBoss-related compromises have made significant inroads within servers, leaving them vulnerable to attack.

•From September 2015 to March 2016, Cisco security researchers observed a fivefold increase in HTTPS traffic related to malicious activity. The rise in this type of web traffic can be attributed largely to malicious ad injectors and adware. Threat actors are increasing their use of HTTPS encrypted traffic to conceal their activity on the web and expand their time to operate.

Ransomware has been in the news also because of a series of extortions involving hospitals. CIO wrote recently that in fact ransomware has become a major threat to the U.S. healthcare industry this year. The high-profile attacks that involved Hollywood Presbyterian Hospital in Los Angeles, MedStar Health in Washington, D.C., and other healthcare systems are just the tip of the iceberg. Over half of hospitals surveyed recently by HIMSS Analytics and Healthcare IT News said they had been hit by ransomware attacks in the past year. Another 25% were unsure whether such attacks had occurred.

In the typical a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code, the FBI stated . Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.

“One the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides,” the FBI said.

An industry debate about ransomware centers on whether or not to pay the scammers.

For its part the FBI doesn’t support paying a ransom in response to a ransomware attack. “Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals,” the FBI stated.

Check out these other hot stories:

Cisco uncovers security threat in industrial control system

Open vSwitch finds new home at the Linux Foundation

What will space living look like? NASA picks 6 habitat prototypes

Branch office links, big bandwidth needs drive SD-WAN evolution

IT’S ALIVE! DARPA looks to build programmable, self-healing, living building materials

DARPA wants to build very low frequency wireless systems

Black Hat: Quick look at hot issues

The weirdest, wackiest and coolest sci/tech stories of 2016 (so far!)

Feds need to do a better job of measuring telecommuting benefits

IRS warns on super summer scam scourge

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.