Pity the poor hackers of the past. They were labeled as data pirates, but they couldn’t steal anything. They could only make copies, and of course, copies are worth much less than originals.
Ransomware is different. By encrypting the target’s data, they are in effect ‘stealing’ it. Instead of having to find a buyer for the ‘stolen’ data, the ransomware operator sells a decryption key to the person who probably values the data most — the owner.
Ransomware allowed for the perfection of the hacking business model, which means it will be used by more and more criminal organizations. Here’s why it’s so perfect:
- No need for technical expertise because the exploits are available as a service
- The upfront costs are low because of the subscription nature of the service
- The “customers” for decryption keys are the people who value the data the most
- The market is massive because every person and company on the Internet has data they care about
With such a great business model, we will see an increase in the number of entities employing ransomware services. The FBI says the number of reported ransomware attacks rose four-fold between 2015 and 2016. I predict the pace will increase this year.
There is little that can be done about the first three drivers of this business model, but we can shrink the size of the market while protecting ourselves.
- Don’t use unsupported software and operating systems
- Be rigorous in the application of patches
- Use an email security gateway
When choosing an email security gateway, make sure you are not relying solely on a signature-based system. WannaCry
was able to spread quickly in part because there were no signatures for it. Look for systems that use a multi-layered approach that also looks for the intent of the email content, including attachments and URLs. With more than 400,000 malware analyzed in email daily
, the protection of email is critical today. Click here
for a trial of our multi-layered ATP approach.