Unlike malware that seeks to give the attacker remote control of systems or to exfiltrate data that can be sold or used for nefarious purposes, ransomware is a product for profit.
Over the past few years, LBMC has partnered with leading law firms to discuss the technical and legal issues revolving around ransomware. In 2020, For cybersecurity experts, how to protect organizations from threat actors looking for the path of least resistance through vulnerable systems is an interesting but uncomfortable conversation. To stay ahead of emerging threats, cybersecurity specialists work to predict the future and hope that their predictions don’t happen.
With regard to ransomware, LBMC has predicted eight separate ransomware product enhancements that may occur in the future. Our number one prediction (and fear) was a ransomware variant that would self-propagate internally (i.e., wormable).
For those of us who were in cybersecurity in the early 2000s, wormable malware such as MSBlaster, Code Red, and SQL Slammer inflicted extreme damage and kept cybersecurity experts on their toes. While LBMC has predicted this type of attack for some time now, we have maintained hope that it would never come to fruition. Unfortunately, on Friday, May 12th, 2017, such an attack did indeed materialize.
As you may have seen on the news, a massive worldwide ransomware cyber-attack quickly spread across more than 70 countries. This ransomware attack by the variant known as WannaCry is making unprecedented headlines from NBCNews, FoxNews, and CNN because, unlike previous ransomware variants, it is “wormable” (which means that it can spread by itself, without requiring users to pass it on to other systems) and has the ability to infect an entire network from the inside.
For many of us, this is reminiscent of MS Blaster or SQL Slammer, but the impact is much greater. This “Wormable Ransomware” is something the cybersecurity community has feared for years, and unfortunately it looks like it has finally materialized. Impacted organizations are those that have failed to implement Microsoft’s MS17-010 patch, which Microsoft released to close holes that were publicly disclosed during Shadow Brokers’ public release of stolen N.S.A. hacking tools. As LBMC Security has been advising clients, proper patching is essential.
For those wondering what they can do to insulate their organizations against attack, download the Ransomware Checklist that LBMC has developed. It includes a series of steps to help protect organizations against ransomware attacks such as these.
For additional guidance or assistance with ransomware, please contact LBMC’s Bill Dean at (865) 862-3051 or bdean@lbmcstage.webservice.team.
Content provided by LBMC Information Security professional, Bill Dean.