Ransomware – The Virus With No Vaccine

Another pandemic?

Thought COVID-19 was the only virus causing mayhem across the globe? Ransomware, a class of malware, is just as dangerous, if not more so; a lockdown will not stop it spreading. When a victim is hit by ransomware, their files and systems are encrypted and rendered unavailable until a payment is made in return for a decryption key. And, just as we hear about new, more dangerous COVID variants every other week, ransomware, too, gets more harmful with time.

The rise of ransomware

Ransomware is nothing new; the first attack occurred towards the end of the 20th century. In 1989, 20,000 floppy disks infected with the PC Cyborg trojan (also known as the AIDS Trojan) were sent to attendees of the World Health Organization's international AIDS conference; after a number of reboots, it hid directories and encrypted file names on the victim's hard drive. The demand? A payment of $189 to a post office box in Panama. We have come a long way since 1989; according to Palo Alto Networks, in 2020 the average amount demanded in a ransomware attack was $312,493, a 171% year-on-year increase. Even that sum is pennies in comparison to $10 million, reportedly the highest ransom ever paid.

Lindy Cameron, chief executive of the UK's National Cyber Security Centre, says that ransomware has become the biggest threat to British people and businesses. Similarly, in the US, FBI Director Christopher Wray has likened the challenge of ransomware to that of 9/11, saying, "There are a lot of parallels". The rise in ransom demands and payments is just the tip of the ransomware iceberg.

First, ransomware attacks are becoming more common, rising by almost 500% between 2019 and 2020, according to Bitdefender's 2020 Consumer Threat Landscape Report. Such an astonishing increase is partly due to the success of ransomware attacks. With over half of victims paying the ransom, according to a global study conducted by Kaspersky, ransomware is an attractive attack method for malicious actors. Further, as cyber insurance policies increasingly offer ransomware coverage, cybercriminals have a larger pool of targets who are likely to pay. And, as payments are made in cryptocurrency, often laundered through mixers and exchanges outside cooperative jurisdictions, attributing an attack to its perpetrators and recovering the funds is slow and frequently unsuccessful, even though the transactions themselves sit on a public ledger. While appealing, not everyone has the knowledge or capabilities to carry out ransomware attacks. However, the rise of the ransomware-as-a-service (RaaS) model means that now, anyone can conduct such an attack.

Threat to national security

RaaS has also increased the threat of ransomware: dangerous actors who once had only a physical presence, or a limited virtual one, can now cause extensive damage through cyber capabilities. Of course, terrorist groups are the first such actors to come to mind. With a desire to cause damage to the greatest extent, terrorists may find that ransomware can easily do the job; the financial gains are just an added benefit that can be reinvested to fund further operations. And financial gains are more likely as ransomware is increasingly preceded by data theft (so-called double extortion), a tactic aimed at exerting more pressure on the victim: a restored backup does nothing to stop stolen data being published.

Finally, the major cause for concern is that ransomware attacks now pose a threat to national security. What was once an attack method used predominantly for financial gain, where the damage to the victim was manageable, can now have a physical impact that puts a nation's security at risk. Ransomware attacks on critical infrastructure can shut down operational technology (OT), the technology that interfaces with the physical world, either by encrypting the OT systems themselves or, as is more common, by taking down the IT systems the operators depend on and forcing a precautionary shutdown. Because the infrastructure in question is critical by definition, crippling its OT has real-world spillover effects: disruptions to healthcare providers, government agencies, oil and gas entities, and more. Terrorists equipped with RaaS seek such an outcome, as do state-sponsored adversaries who, while typically not seeking the same level of damage as most terrorist groups, have advanced and sophisticated resources and capabilities.

The spread of infection

Perpetrators have several methods at their disposal to infect a victim with ransomware, from phishing emails and exposed remote-access services to unpatched vulnerabilities and, the focus here, malicious hardware planted inside the target.

Various government agencies and cybersecurity entities provide recommendations on how to minimize the risk of a ransomware attack. While valuable, such recommendations tend to overlook hardware security, a domain that goes sorely neglected and leaves enterprises exposed to hardware-based attacks. Without hardware security, the Physical Layer remains uncovered, allowing Rogue Devices that operate on this layer to go undetected. Spoofed Peripherals are manipulated on the Physical Layer and impersonate legitimate HIDs (human interface devices such as keyboards and mice); because the identifiers they report (vendor ID, product ID, serial number, device class) are chosen by the attacker, endpoint security software sees a legitimate keyboard and accepts the keystrokes it injects. Network Implants go entirely undetected by network security solutions, including NAC: a passive tap, or an inline device that rides on the link of an already-authenticated host, lives on the Physical Layer, which such solutions do not cover, so the switch and the NAC server only ever see the legitimate endpoint. Rogue Devices' immunity to existing security measures means attackers can infiltrate a target without raising any alarms and, from there, inject malicious code.
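To make the spoofed-peripheral problem concrete, here is an added example (not Sepio's code, and not code from the original article) of the kind of software-level USB allowlist an endpoint agent can enforce from the attributes Linux exposes under /sys/bus/usb/devices. The device inventory, allowlist, and port paths are constructed for illustration. It blocks unknown devices and alerts when two devices claim the same identity at once, but it also shows the limit the paragraph describes: a hypothetical implant that clones a trusted keyboard's vendor ID, product ID and serial is indistinguishable from the real thing at this layer and is simply allowed once the real keyboard is unplugged.

```python
"""Endpoint-side USB allowlist check (added example, not Sepio's code).

Every identifier used here is reported by the device's own firmware, so a
spoofed peripheral that clones a trusted keyboard's VID, PID and serial passes
this check. That is the gap the article assigns to Physical Layer coverage.
The devices and allowlist below are constructed, not taken from a real host.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

HID_CLASS = 0x03           # USB interface class: Human Interface Device
CDC_CLASS = 0x02           # Communications Device Class (USB Ethernet / serial)
MASS_STORAGE_CLASS = 0x08  # USB mass storage


@dataclass(frozen=True)
class UsbDevice:
    port: str                           # physical port path, e.g. "1-1.3"
    vid: int                            # idVendor, reported by the device
    pid: int                            # idProduct, reported by the device
    serial: str                         # iSerial string, reported by the device
    product: str                        # iProduct string, reported by the device
    interface_classes: Tuple[int, ...]  # bInterfaceClass of each interface

    @property
    def identity(self) -> Tuple[int, int, str]:
        return (self.vid, self.pid, self.serial)


# Constructed inventory. Port 1-1.3 is a hypothetical implant cloning the
# keyboard on 1-1.1; port 1-1.4 is a composite HID+CDC device, the classic
# "keystroke injector with its own network link" shape.
INVENTORY: List[UsbDevice] = [
    UsbDevice("1-1.1", 0x046D, 0xC31C, "SN-KBD-0001", "USB Keyboard", (HID_CLASS,)),
    UsbDevice("1-1.2", 0x0781, 0x5583, "SN-USB-4242", "Ultra Fit", (MASS_STORAGE_CLASS,)),
    UsbDevice("1-1.3", 0x046D, 0xC31C, "SN-KBD-0001", "USB Keyboard", (HID_CLASS,)),
    UsbDevice("1-1.4", 0x1234, 0xABCD, "", "Generic", (HID_CLASS, CDC_CLASS)),
]

# Allowlist keyed on (vid, pid, serial); values describe the approved asset.
ALLOWLIST: Dict[Tuple[int, int, str], str] = {
    (0x046D, 0xC31C, "SN-KBD-0001"): "corporate keyboard",
    (0x0781, 0x5583, "SN-USB-4242"): "encrypted flash drive",
}

Decision = Tuple[str, str]  # (action, reason); action is "allow", "alert" or "block"


def evaluate(inventory: Iterable[UsbDevice],
             allowlist: Dict[Tuple[int, int, str], str]) -> Dict[str, Decision]:
    """Return an action per port: block unknown devices, alert on duplicate identities."""
    decisions: Dict[str, Decision] = {}
    first_seen: Dict[Tuple[int, int, str], str] = {}
    for dev in inventory:
        if dev.identity not in allowlist:
            reasons = ["not in allowlist"]
            if HID_CLASS in dev.interface_classes:
                reasons.append("presents a HID interface (keystroke injection capable)")
            if len(dev.interface_classes) > 1:
                reasons.append("composite device")
            decisions[dev.port] = ("block", "; ".join(reasons))
            continue
        if dev.identity in first_seen:
            # Two devices claiming one serial at the same time means one is a clone,
            # but nothing at this layer says which one, so alert on both ports.
            other = first_seen[dev.identity]
            msg = "identity %04x:%04x/%s seen on %s and %s" % (
                dev.vid, dev.pid, dev.serial, other, dev.port)
            decisions[other] = ("alert", msg)
            decisions[dev.port] = ("alert", msg)
            continue
        first_seen[dev.identity] = dev.port
        decisions[dev.port] = ("allow", allowlist[dev.identity])
    return decisions


def sysfs_enforcement_commands(decisions: Dict[str, Decision]) -> List[str]:
    """Translate block decisions into the sysfs writes an agent would perform.

    Writing 0 to /sys/bus/usb/devices/<port>/authorized de-authorizes the device
    without unplugging it. Commands are returned as strings; nothing is executed.
    """
    return ["echo 0 > /sys/bus/usb/devices/%s/authorized" % port
            for port, (action, _) in sorted(decisions.items()) if action == "block"]


if __name__ == "__main__":
    verdicts = evaluate(INVENTORY, ALLOWLIST)
    for port, (action, reason) in sorted(verdicts.items()):
        print(f"{port}: {action:5} {reason}")
    # With the real keyboard unplugged, the clone on 1-1.3 is simply allowed.
    clone_only = [d for d in INVENTORY if d.port != "1-1.1"]
    print("clone alone:", evaluate(clone_only, ALLOWLIST)["1-1.3"])
    for cmd in sysfs_enforcement_commands(verdicts):
        print(cmd)
```

The duplicate-identity alert is the only signal this check has against a well-made clone, and it only fires while both devices are plugged in; an attacker who swaps the real keyboard for the implant defeats it. That is why the check is a baseline rather than a substitute for the Physical Layer visibility the article goes on to describe.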

HAC-1

Sepio Systems' Hardware Access Control (HAC-1) solution provides entities with the Physical Layer coverage they need to obtain complete device visibility and, in doing so, protects against hardware-based attacks. As the leader in Rogue Device Mitigation (RDM), Sepio's solution identifies, detects and handles all peripherals; no device goes unmanaged. HAC-1 uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of every device and compares it against known fingerprints, so a device that reports a legitimate identity in software but does not match the expected hardware profile is still flagged. In doing so, HAC-1 provides organizations with ultimate device visibility and detects vulnerable devices and switches within the infrastructure.

In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends best-practice policies and allows the administrator to define a strict, or more granular, set of rules for the system to enforce. When a device breaches the pre-set policy, HAC-1 automatically initiates a mitigation process that instantly blocks unapproved or Rogue hardware. Just as tackling COVID requires many different efforts, so will handling ransomware; think of HAC-1 as the vaccine for hardware-based ransomware attacks.
