Gretel Egan | March 18, 2016

Wombat CTO Discusses Ransomware in 'Security Info Watch' Article

Wombat_Ransomware2016.jpgRansomware is on the rise, and it's a potentially costly side-effect to a successful phishing attack, malware infection, or other cyber slip-up. Not only is it more important than ever to regularly back up business-critical data, it's essential to inform and educate your users about the ramifications of "click now, ask questions later" behaviors.

Our CTO, Trevor Hawthorn, recently wrote an article for Security Info Watch titled, "Ransomware: Understanding it and avoiding it." The intro to the article and a link to the full piece are below. Check them out...and stay tuned for a follow-up in the near future.

Trevor Hawthorn
Security Info Watch
December 29, 2015

Ransomware has come back into the spotlight, with a Krebs on Security report highlighting a recent attack targeting Linux web servers — in addition to consumers and business users. Though ransomware itself isn't anything new, this approach is unique in that after the attackers exploit a server, they use a CryptoWall-like method to hold the victim's files hostage.

To understand how to best protect yourself, it’s often helpful to know the root of the issue and why ransomware is a successful approach for attackers.

How We Got Here

If there is one thing we've seen over and over, it’s that cyber criminals run their operations like a business:

A) They work on their craft — cyber crime — full time. (This is a prime reason, by the way, that it’s hard for organizations to catch up let alone get one step ahead. Cyber security just doesn’t get the same time or attention.)

B) Ultimately, they have to figure out how to monetize their efforts.

Phishing has been a lucrative delivery method for malicious links and software, and the path from phish to profit has gone something like this:

Step 1: Send an email with malware to a target

Step 2: Malware infects the target's PC

Step 3: <Monetizing effort here>

Step 4: Profit!

Historically, Step 3 has been the hardest — and longest — part of the plan. Sure, more sophisticated operations can take a foothold in a single email account and turn it into a big-time payday. But this can be time consuming; let’s just say it’s a long conversion cycle. Every business loves to land the whale, but you need minnows to keep you going day to day, right? CryptoWall made quick-hit monetization a possibility — and a very real threat.

Read more on the Security Info Watch website...

Subscribe to Our Blog

2018 State of the Phish Report  Protect your organization from phishing attacks. Download Now
2018 Beyond the Phish Report  Protect your organization from threats including and beyond phishing. Download Now