Ransomware Barriers to Entry Lowered

There are some forms of cybercrime that are becoming more difficult over time, and others that are getting easier. Credit card fraud will be more difficult when the USA finishes the rollout of EMV cards, while TurboTax and the IRS are improving their defenses against tax return fraud. On the other hand, since the publication of the Mirai source code, building a botnet of IoT devices has become much easier, and a number of factors are making it increasingly simple to set up a ransomware operation.

Though ransomware (that is, malware that encrypts all the files on a computer and demands a ransom to return them) has been around for more than a decade, early variants were hampered by the need to receive payments in a way that did not leave an audit trail. Initially a service called E-gold was popular, but the US-based company operating that service was closed by law enforcement because it was being used by criminals for money laundering (as well as extortion). However, about five years ago the growing popularity and availability of Bitcoin gave cyber extortionists a second chance. The anonymous cryptocurrency provides criminals with a safe way to manage payments for extortion, drug dealing, or even child sexual exploitation images.

In order to pay the ransom, the victim must first obtain Bitcoin, usually by exchanging money for cryptocurrency on one of a number of online exchanges. In 2015 Cloudmark investigated how difficult it would be for a victim to obtain the necessary cyber cash. Because Bitcoin transactions are not reversible and credit card fraud is not uncommon on the Internet, all of these exchanges required a high level of identity validation before engaging in a transaction. At the time we wrote:

For same day purchases we found that Coin.Mx offered the best solution. This allows credit card purchases up to $500 after a validation process that, as well as the usual identity checks, requires the purchaser to make a video showing their face, a government issued ID, and both sides of the credit card used to make the purchase… Coin.Mx offers a poor exchange rate and charges a hefty premium for credit card use.
Cloudmark Security Threat Report 2015 Q1

Since then Coin.Mx has closed down, and the principals have been found guilty of various bank fraud and conspiracy charges. It seems that even purchasing Bitcoin exposes the victim to the risk of identity theft and fraud, as Bitcoin exchanges are not regulated by any government or agency.

In August 2015 the source code for a ransomware attack was published on GitHub by security researcher Utku Sen. To avoid real-world exploitation, he inserted several security flaws and backdoors in the original code. Though Sen has since abandoned the project and deleted the code from GitHub, it is still available on the Internet with a little searching. In spite of the flaws and backdoors, it does help to spread the expertise necessary to create ransomware.

Such is the ease of creating ransomware these days that some authors have given up on the idea of using it themselves and instead are selling copies for a few hundred dollars each (about the money made by one successful attack). Brian Krebs recently reported on one such product, which has a marketing video showing all the easy-to-use point-and-click features. Instead of a few widespread ransomware campaigns, we are now seeing a large number of independent operators running variations on a number of different code bases. Like bank phishing, it has become a cottage industry with low barriers to entry. These sorts of attacks are hard to stamp out, as there is no single point that can be neutralized, as there was in the large-scale CryptoLocker attack.

The best way to deal with ransomware attacks in the long run is to make them uneconomic by not paying ransom. San Francisco’s Municipal Transportation Agency was hit by a major ransomware attack in November 2016 which took down their fare gates, but after running the system without charging riders for a few hours, they were able to fully restore their system from backups, without paying anything to the criminals. Making sure that your data is backed up is the best way to make sure that you are never faced with catastrophic data loss through ransomware, theft, hardware failure, or accidental deletion.
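A backup only protects you from ransomware if you know, before you need it, that the restored copy is intact. The following is an added example (not Cloudmark's code, and not related to any product mentioned above) of the check a practitioner would run: record a SHA-256 manifest of the live data at backup time, then compare a restored tree against that manifest and report anything missing, altered, or unexpected. The directory names, file contents and the stray extra file in the demo are constructed for the example.

```python
"""Backup verification: hash every file at backup time, then confirm that
a restored copy matches byte for byte. Added example, not Cloudmark's code;
the sample files written by demo() are constructed inline."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file (path relative to root) to its SHA-256 digest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a restored tree against the manifest recorded at backup time.

    Returns the relative paths that matched, were modified, are missing,
    or appeared without being in the manifest."""
    result = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        p = restored_root / rel
        if not p.is_file():
            result["missing"].append(rel)
        elif sha256_file(p) != digest:
            result["modified"].append(rel)
        else:
            result["ok"].append(rel)
    for rel in build_manifest(restored_root):
        if rel not in manifest:
            result["unexpected"].append(rel)
    return result


def demo() -> dict:
    """Constructed scenario: back up two files, restore them and verify a
    clean match, then overwrite one file and drop in an extra one so the
    verifier has something to flag."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "live"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "report.txt").write_text("quarterly numbers\n")
        (src / "notes.txt").write_text("meeting notes\n")
        manifest = build_manifest(src)  # in practice, store this off-host with the backup

        restored = Path(tmp) / "restored"
        shutil.copytree(src, restored)
        clean = verify_restore(manifest, restored)

        # Damage the restored copy: one file's contents replaced with random
        # bytes, plus a file that never existed in the backup (both constructed).
        (restored / "notes.txt").write_bytes(os.urandom(32))
        (restored / "EXTRA_FILE.txt").write_text("constructed placeholder\n")
        tampered = verify_restore(manifest, restored)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    outcome = demo()
    print("clean restore:", outcome["clean"])
    print("damaged restore:", outcome["tampered"])
```

Keep the manifest somewhere the backed-up host cannot write to (ransomware that can reach the backup can also rewrite a manifest stored beside it), and run the verification against a test restore on a schedule rather than only after an incident.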
