“Destructionware” – Ransomware is getting nastier
Ransomware - a type of malware that infiltrates and infects a user or company’s system and encrypts their data, holding the organisation to ransom until a large sum of money is paid in return for a decryption key to unlock it - is more pervasive than ever. However, the emergence of a new type of ransomware strain late in 2017 showed a sinister new face to the already destructive malware. Rather than having their data recovered when they paid their ransom, the victims of the attack found their data completely and irretrievably wiped, even after paying large sums of money to recover their information.
Whereas ransomware, in the traditional sense, seeks to make its perpetrators wealthy, the new strain seeks to destroy. It mimics ransomware and operates in a very similar fashion, accessing victim’s computers through an infected link or attachment, encrypting the data on the machine and any other servers it can spread to. However, the new strain is also able to elevate user access, meaning it can obtain user credentials and move laterally – undetected - between systems. The effects of such a wave can be catastrophic, with devastating financial and reputational consequences.
This new type of data wiping ransomware begs the question: who are the new cybercriminals intent on malicious sabotage of information, what do they stand to gain, and has ransomware evolved to be called “destructionware”, given its tendency to destroy rather than hold to ransom? We take a look at the possible motives behind “destructionware” purveyors, and how South African businesses can protect themselves from falling victim.
Cybercrime as a business
In cybercrime circles, what has been a simple get-rich-quick scheme for individual hackers and hacker syndicates, has evolved into a lucrative business. Ransomware-as-a-service (Raas) is increasingly being offered by industrious syndicates, who make a cut from their customers’ use of the code that they provide. However, as evidenced by the “destructionware” outbreak, money is no longer the primary objective of the cybercriminal world, and more sinister motives appear to be at play.
One potential motive is sheer bragging rights. Cybercriminals, or hackers, inhabit the Darkweb, an underground Internet used for nefarious purposes, and many develop reputations among their peers based on their expertise. It’s safe to say that a malware such as “destructionware” would launch the hacker or syndicate, responsible into the limelight, giving them a level of fame in cybercriminal circles.
The bragging rights that “destructionware” gives its makers effectively allows them to name their price for services such as RaaS, going forward. They also obtain that which every hacker seeks: the respect of their peers for bringing a large portion of global business to its knees with a few simple tweaks of an already prevalent malware.
Of course, there are those who would seek the services of such hackers or syndicates, for their own malevolent reasons. Former employees who bear a grudge against previous employers; activists who protest an organisation or government’s business practices; terrorist groups who want to add cyberterrorism to their arsenal; victims of lost investments; or even merely jealous individuals who wants to destroy that which they cannot, or do not, have.
RaaS has made ransomware – and now “destructionware” - accessible to anyone who wants to create and capitalise on the havoc it generates. One thing is certain: with ransomware and “destructionware” being so readily available, the likelihood of further and more evolved attacks occurring is high, and business owners need to take the necessary steps to protect themselves as best as possible.
Protecting yourself and your business
If organisations do not already have a comprehensive 360-degree security strategy, then the time is right to do implement one. A comprehensive strategy incorporates preventative security controls in the form of the necessary Operating System (OS) patches, effective anti-malware solutions, complete system protection, end point security, data centre security, perimeter and access control, and more.
New developments in cyber security are using data analytics and AI to scour patterns an identify anomalies which could pre-empt or signify attack, with the goal of shutting shown systems connected to the infected device to prevent the malware from spreading. As cybercrime evolves, so does cyber security, however evolving cyber security also creates new challenges that hackers are only too eager to crack. As such, a cycle of ongoing cybercrime versus cybersecurity measures is born.
A truly effective security strategy needs to be underscored by education. Users within an organisation must be educated on cybercrime and safe browsing habits. When employees understand what to look out for and how to safely navigate all Internet enabled services, they automatically reduce the risk of infection and attack. Ransomware and “destructionware” cannot succeed without willing participation of the victim in that he or she needs to physically click on the infected link or attachment in order to download the malware.
In an environment that is increasingly reliant on Internet connected devices and where Bring-Your-Own-Device (BYOD) is a fairly common practice, even with a comprehensive security strategy there can be vulnerabilities. Users who understand the risks of clicking on unknown attachments or links are less likely to do so without carefully researching and understanding the source of the link or attachment.
Education also encourages users to practice safer browsing habits outside of their office, leading to less likelihood of an infected device entering the organisation’s environment.
Security needs to be tackled from multiple angles, and not simply opted for as a necessary evil. When profits and reputations are at risk, businesses simply cannot afford not to invest in security, and the value of having a comprehensive system in place to prevent malware attacks must not be underestimated – just ask any one of the 65 or more large companies who were hardest hit by “destructionware” and may never recover their losses.
Paul Jolliffe, Lead DSM: Security, T-Systems South Africa
IT Employees Predict 90% Increase in Cloud Security Spending
As companies get back on their feet post-pandemic, they’re going all-in on cloud applications. In a recent report by Devo Technology titled “Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits”, 81% of the 500 IT and security team members surveyed said that COVID accelerated their cloud timelines. More than half of the top-performing businesses reported gains in visibility. In fact, the cloud now outnumbers on-premise solutions at a 3:1 ratio.
But the benefits are accompanied by significant cybersecurity risks, as cloud infrastructure is more complex than legacy systems. Let’s dive in.
Why Are Cloud Platforms Taking Over?
According to Forrester, the public cloud infrastructure market could grow 28% over the next year, up to US$113.1bn. Companies shifting to remote work and decentralised workplaces find it easy to store and access information, especially as networks start to share more and more supply chain and enterprise information—think risk mitigation platforms and ESG ratings.
Here’s the catch: when you shift to the cloud, you choose a more complex system, which often requires cloud-native platforms for network security. In other words, you can’t stop halfway. ‘Only cloud-native platforms can keep up with [the cloud’s] speed and complexity” and ultimately increase visibility and control’, said Douglas Murray, CEO at cloud security provider Valtix.
Here’s a quick list of the top cloud security companies, as ranked by Software Testing Help:
What are the Security Issues?
Here’s the bad news. According to Accenture, less than 40% of companies have achieved the full value they expected on their cloud investments. All-in greater complexity has forced companies to spend more to hire skilled tech workers, analyse security data, and manage new cybersecurity threats.
The two main issues are (1) a lack of familiarity with cloud systems and (2) challenges with shifting legacy security systems to new platforms. Out of the 500 IT employees from Devo Technology’s cloud report, for example, 80% said they’d sorted 40% more security data, suffered from a lack of cloud security training, and experienced a 60% increase in cybersecurity threats.
How Will Companies React?
They certainly won’t stop investing in cloud platforms. Out of the 500 enterprise-level companies that Devo Technology talked to throughout North America and Western Europe, 90% anticipated a jump in cloud security spending in 2021. They’ll throw money at automating security processes and investing in security upskilling programmes.
After all, company executives will find it incredibly difficult to stick with legacy systems when some cloud-centred companies have found success. Since moving from Security Information and Event Management (SIEM) offerings to the cloud, Accenture has saved up to 70% on its processes; recently, the company announced that it would invest US$3bn to help its clients ‘realise the cloud’s business value, speed, cost, talent, and innovation benefits’.
The company stated: ‘Security is often seen as the biggest inhibitor to a cloud-first journey—but in reality, it can be its greatest accelerator’.