Ransomware is rife – are cryptocurrencies to blame?

By Charl van der Walt, Head of Security Research, Orange Cyberdefense

It seems that hardly a day goes by without the issue of ‘ransomware’ hitting the headlines. In recent years there have been a number of incidents, one of the most high profile of which saw up to 1,500 businesses around the world impacted by a ransomware attack centred on US IT firm Kaseya. Businesses worldwide had critical files across their computer networks locked by the attack. The hackers reportedly demanded $70 million in Bitcoin, and Kaseya has, to date, refused to say whether an extortion payment was made.

Cryptocurrency plays a central role in all major ransomware attacks. The rise of Bitcoin and other cryptocurrencies has enabled ransomware to become one of the most profitable business models in the cyber criminal’s arsenal. Bitcoin has been just the shot in the arm that the ransomware industry needed. It is a safe, cheap and reliable means of payment with a high degree of anonymity.

Hackers just need to monitor the public blockchain to find out if, and when, their target has paid up. They can also create a unique payment address for each victim and have the locked files automatically released on confirmation of payment.

The threat, and the consequences, of ransomware attacks are now clear to many people, and the problem doesn’t look like it’s going away. So, what can be done to mitigate the potential impact?

Firstly, it must be understood how easy it is for criminals to gain access to IT systems. Take the example of WannaCry, a global attack which targeted the Microsoft Windows operating system, and infected hundreds of thousands of computers across more than 150 countries in a matter of hours. Although Microsoft had released a critical patch a month before the original attack, there were still many Windows users with unpatched systems. Such an apparently simple and routine action to take, but, for whatever reason, patches were not implemented and the resulting attack was potentially catastrophic.

There is no single solution to beating cybercriminals, but starting with the basics is crucial. Anyone with a network needs to conduct a thorough review of organisational processes and procedures around security, both from a technological and a human viewpoint. Ensure a high degree of cyber-hygiene, with modern anti-virus protection, tight network filtering, careful user rights management and timely software patching. Business continuity plans should always include an offline back-up of all data so that payment is not required to get it back. Identify all the potential risks, address them, and never assume that you won’t be a target.

One vital step – despite sounding like it’s a million miles away from a solution to ransomware – is to start using the correct terminology for such crimes. It isn’t just ransomware that crypto is enabling huge growth for, it’s cyber extortion (Cy-X) in general. It might sound like semantics, but ransomware is – of course – a very particular use of malware to hijack a computer or network and extort money for its safe return. What we are witnessing a growth in, what we call Cy-X, isn’t just about patches and anti-virus, it’s about a criminal business model in which security is compromised, an asset is taken away, and held captive until a ransom is paid. This opportunistic and malicious crime requires a systemic and almost psychological response.

To look at Cy-X as a whole, not just ransomware, is to see an entire hive of extortion-led, crypto-enabled cybercrime which requires a consistent and methodical response from all of us in the industry to counter. We need to minimise the attack surface of victims, ensure they’re adopting best practice behaviours, and sharing fewer valuable assets online. Then we need to demotivate the offenders responsible, whether the initial access broker, their affiliates or operators, and have a concerted response by law enforcement to minimise the flow of funds from victim to perpetrator. Finally, we need to educate the wider community on constant vigilance – it’s a community-led approach that’s required to curtail the issue of cyber extortion.

Ultimately, ransomware, cyber extortion, and their ilk, are an infection, and will only be controlled if everyone plays their part in ensuring that their security is the best it can possibly be. The market conditions for ransomware, the availability of cryptocurrency, and the head-in-the-sand approach of many organisations, has created a fertile environment. We must all work together to prevent further growth.