“Pay up… or else, your device will burst… and you will die”: this could be the new ransomware threat


Our war against ransomware should start with better awareness about the epidemic as it is evolving. Ignorance is not a concern only in India. Even in the US, it is stated that more than two-thirds of US office workers are unaware of the ransomware threat.

A recent survey of 1000 workers in the US, conducted by the security firm Avecto, revealed that widespread ignorance prevails about the ransomware threat. About 39% of the respondents said that they do not have confidence that their employer has adequate safeguards for their online safety.

Nearly 40% of businesses were hit by ransomware attacks in the past one year, with more than one third of them losing revenue and 20% forced to close down. More than 4000 ransomware attacks happen every day, making it the leading threat in the cyberworld. The average ransom demand has reportedly doubled to $679 from $294 at the end of 2015, and over 100 new families of ransomware have been discovered.

Ransomware on Android has grown in several parts of Europe, spreading through malicious APK files which users download and install, as well as through tricky spam messages and malvertising. The malware may sometimes simply lock the screen and change the PIN to demand ransom.

The next wave of ransomware is expected to attack IoT devices, making life miserable for the tech-savvy resident of the digital society. While traditional ransomware attacks data residing inside computing devices, IoT ransomware may take control of the devices themselves and make them act under the attacker's control, leading to dangerous consequences such as crashing of cars, burning out of devices, fire and other physical hazards, including the death of a person using an IoT device near his person.

The growing problems observed in Samsung mobile devices could also be a manifestation of malware meant to hurt the company. Similar malware can also turn into ransomware to threaten… “Pay up or else, your mobile/device will burst”. With the kind of social engineering that precedes a targeted attack, it is possible that ransomware may be installed in a user’s family device, such as the son's or daughter’s mobile, and the threat sent to the father so that immediate compliance is guaranteed.

The risk becomes larger since “Ransomware as Service” (RaaS) is being increasingly offered by the underworld. This ensures that it can be used just as “Supari Killers” are used in the physical world for committing murders. This empowers all and sundry to adopt ransomware to settle personal scores and make money.

The rise of “Crime ware as a Service” needs to be tackled at the same level as we handle “Terrorism” as a part of global security. I wish global leaders like Mr Modi as well as the ISIS baiters like Donald Trump do not forget to fight the threat of “Crime ware as a Service” to protect the digital world of the next decade.

The fight against ransomware in the corporate world has to focus on reducing the possibility of employees falling victim to spearphishing attacks. Most infections are caused by “Opening of Attachments” from e-mails, and we often say “Do not open attachments from unknown persons”, but the fraudsters who use spearphishing spend time researching the victim and finding out his weaknesses before sending out an attachment. While it may be possible to teach an employee not to open an attachment that says “Exclusive Pictures of the URI attack” or “A Bollywood star in Bed with a Cricketer”, it would be difficult to make him not open an attachment which appears to come from his boss and says “Proposed Salary Revision”.

Phishing e-mails and websites have become so sophisticated that we need “Two factor authentication” for every e-mail to add to its trustworthiness.

Recently, in India, a phishing website in the name of “lCICI” was found, designed to confuse the Netizen with “ICICI” (the leading bank in India).

[Image: icici_bank_phishing]

Watch the adjoining picture and let me know if you can spot the difference in the URL from a URL that would represent the genuine ICICI Bank.

If such phishing succeeds, as in most cases it would, one cannot blame the eyesight of the Netizen.
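A defender-side check for the kind of look-alike name described above, as an added example that is not part of the original post: it folds visually confusable characters into a common "skeleton" and flags hostnames that imitate a protected brand, generalizing from the l/I swap to a few other common substitutions. The fold table is a small hand-picked subset, the `PROTECTED` list is hypothetical, and the `.example` hostnames are constructed placeholders because the post does not give the actual URL.

```python
from urllib.parse import urlsplit

# Hand-picked confusable folds (assumption: an illustrative subset,
# not the full Unicode confusables table).
MULTI = (("rn", "m"), ("vv", "w"))
SINGLE = str.maketrans({
    "l": "i", "1": "i", "|": "i", "!": "i",
    "0": "o",
    "\u0456": "i",  # Cyrillic i
    "\u0441": "c",  # Cyrillic es
    "\u043e": "o",  # Cyrillic o
    "\u0430": "a",  # Cyrillic a
})

# Hypothetical list of brand tokens the defender wants to guard.
PROTECTED = ("icici",)


def skeleton(text):
    """Fold look-alike characters so visually similar strings compare equal."""
    s = text.lower()
    for seq, repl in MULTI:
        s = s.replace(seq, repl)
    return s.translate(SINGLE)


def lookalike_brand(url):
    """Return the protected brand a hostname imitates, or None.

    A label is flagged when its skeleton contains the brand's skeleton
    but the label itself does not contain the real brand string.
    """
    host = urlsplit(url).hostname or ""  # .hostname is already lowercased
    for label in host.split("."):
        for brand in PROTECTED:
            if skeleton(brand) in skeleton(label) and brand not in label:
                return brand
    return None


if __name__ == "__main__":
    # Constructed sample URLs; .example is a reserved placeholder domain.
    for u in ("https://lCICIbank.example/login",
              "https://www.icicibank.example/",
              "http://1cici-secure.example"):
        print(u, "->", lookalike_brand(u))
```

A check like this belongs in a mail gateway or proxy rule, where it can flag the link before the reader has to rely on eyesight.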

(Let RBI which is holding up the limited liability circular under the vested interest’s pressure take note that Customer cannot be held responsible for negligence if he is tricked into believing that such phishing e-mails are genuine).

Cylance, a security firm, has recently put out a detailed account of how Cerber ransomware operates, which is an excellent guide for everyone watching this space to study.

Cerber is the third most prevalent ransomware in the wild, with a market share of 24%, behind CryptoWall (41%) and Locky (34%). Its uniqueness is that it continuously changes its file name to make it impossible for anti-virus software to identify it by its signature file name. It is known to spread via weaponized Microsoft Word documents and also by exploiting vulnerabilities such as those in Adobe Flash Player. Sophisticated distribution mechanisms with “Affiliate Programs” are on offer. It uses “Bitcoins” as the payment mode.

It is said that the average cost of ransomware in large corporations could be $1 million to $10 million, making it a risk that cannot be ignored. The Bitcoin community, which wants to legitimize the use of Bitcoin as a recognized currency, needs to take steps to ensure that ransomware does not become the new “SilkRoute”, as the war against ransomware will start with the complete shutting down of “Bitcoin” as a legit currency.

I urge the Government of India and Mr Narendra Modi to use the occasion of the anniversary of the Digital Society Day of India, falling on 17th October, to declare the “War on Ransomware” open.

To start with, the Government should announce its intention to tackle this as “Cyber Terrorism” and register cases under Section 66F of ITA 2008, so that it falls within the international cooperation treaties to enlist the support of law enforcement agencies in other countries. The rest of the strategy can be discussed subsequently.

It would be better if the Government sets up an expert committee to develop the strategy for tackling the menace of ransomware (without limiting it to the coterie in Delhi).

Dear Mr Modi…. are you listening?

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law education institution. He has now been focusing on projects such as Secure Digital India and Cyber Insurance.