The Lockdown

Thycotic’s Cyber Security Blog

Ransomware as a Service: The Dark Side Has a Platform Too

Written by Damon Tompkins

June 14th, 2016

You’d think that by now we’d be pretty savvy, that anti-virus software would protect us, or at least warn us about suspicious links that we’ve been invited to click on. And who doesn’t know that downloading files from unknown sources is a no-no? We all do. But people, even smart people, do it every day.

After all, if Facebook CEO Mark Zuckerberg creates and reuses the same simple password (dadada) over and over again, what does that say for the rest of us?

All the password security tips (including Facebook’s own) and two-factor identification tools in the world don’t matter if we don’t use them.

But wait, that’s just the simple part of the story, because our behaviors as consumers follow us to work. And while the gals and guys in IT work like crazy trying to protect the enterprise, they have not only sloppy internal users and data thieves to contend with, but also an enemy with a slightly different approach: taking data hostage, locking it down, and destroying it unless a ransom is paid.

Yes, ransomware is now also a business. It’s on track to become a $1 billion industry, according to CNN. So far, in Q1 2016, $209 million was paid out to data hostage takers.

Here’s how it works.

Ransomware acts like a virus that is usually activated by downloading what looks to be an innocent email attachment or by clicking a link on a legitimate-looking website. The click downloads and installs software that crawls through your computer or entire network and encrypts all of your files, so you can’t access them unless you pay a ransom (usually in the form of a cryptocurrency). If you’re an individual, the sum of money is probably less than $500; the extortionists need to keep it affordable or you’re less likely to pay. If you’re a company, it can be considerably more because there’s something bigger than family photos at risk.

Take Hollywood Presbyterian Hospital, for example: it was invaded by ransomware earlier this year and paid the equivalent of $17,000 in bitcoin to obtain a decryption key to get its data back. While police and security experts tried to help the hospital regain control of its information, they couldn’t do so quickly enough. According to reports, systems responsible for CT scans, documentation, lab work, pharmacy functions, and electronic communications were out of commission. Hospital workers had to use pencil and paper to record activities, and it was reported that radiation and oncology were temporarily shut down. Additionally, some 911 patients had to be diverted to other hospitals.

So, it’s no wonder that Allen Stefanek, president and CEO of Hollywood Presbyterian Medical Center, paid the ransom. Especially when you take into account that ransomware typically deletes information as time goes by: just a little at first, but the amount rises exponentially until you pay or nothing’s left.

“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this,” said Stefanek in a statement.

As if all of that isn’t dangerous enough, a new contrivance called “Tox” is now being sold on Darkware markets. It’s a self-service tool built for would-be criminals that allows them to package their own ransomware.

Here’s how Tox recruits would-be affiliates:

Good day,

This offer is for those who want to earn a lot of money via, shall we say, not a very righteous path. No fees or advance payments from you are required, only a large and pure desire to make money in your free time.

I propose mutually beneficial cooperation in the sphere of distribution of my software. It is desirable, of course, that you have already had some minimal experience in this business.

But if you have no experience, it is not a problem. In addition to the file, you will receive detailed instructions on how and what to do – even a schoolboy could do it; you need only time and desire. The scheme is simple, and tested and working 100%, revenue yields are decent. Thus, you are not risking anything in particular (money being the most important), and are getting valuable experience, and if you succeed – a good cash reward. At the same time, you do not need to bother looking for work ideas, encryption software, nor for receipts and processing of payments. Details – for all come

Yes, ladies and gentlemen, meet Ransomware-as-a-Service. It’s here. And as Wired Magazine put it in an unrelated article, people from all over the world who can’t find decent-paying jobs are turning to hacking, “simply looking for work that pays.” Once the domain of nefarious and knowledgeable hackers, cybercrime is now open to anyone who wants to try their hand at it, thanks to the advent of Ransomware as a Service.

For both individuals and companies, a proactive defense is a must. And products that can stop ransomware before it can crawl through a system are key. My company, Thycotic, acquired Arellia, which focuses on endpoint application whitelisting to prevent your organization from being held hostage by a hacker, or anyone aspiring to be one.


Damon Tompkins

Responsible for leading a world-class sales organization in the Americas, Damon brings more than 20 years of experience in building and leading high performance sales teams in the enterprise software industry. Prior to joining Thycotic, Damon served as Senior Vice President of Corporate Development for Metalogix Software where he helped create and execute its overall go-to-market strategy as well as the integration of MetaVis Technologies (acquired in 2015) where he was the Vice President of Worldwide Sales & Marketing. He has also held senior sales management positions at Apptio, NetIQ, PentaSafe (acquired by NetIQ) and Idera Software (acquired by Metalogix & TA Associates).