In keeping with the fact that individuals and enterprises are seeing and experiencing a lot more occurrences of ransomware, I’m also seeing a lot of articles and comments either discussing it and what to do about it or providing some siloed indicators of where ransomware might go.
A number of comments, in my opinion, are aimed at what ransomware has been up until now and how to combat it. Very soon, few if any of these suggestions are going to be effective in stemming the tide of ransomware. It’s my opinion that ransomware is already exhibiting some horrifying variations that we aren’t taking into consideration fast enough.
To Really Protect, Think Like a Criminal
It’s not a coincidence that some of the best minds out there, when it comes to really understanding IT Security and how to actually address risk and stop these types of well-conceived and well-formed attacks, come from those who lived on the dark side and have come to the light – former hackers like Kevin Mitnick, Robert Morris and others. And we have a lot of white hats (too many to name here) who are extremely good precisely because they (a) think the same way as the criminal black hats and (b) have incredibly intimate technical knowledge, just as black hats do.
And don’t think your servers are safe. Hackers are already looking to get inside of your data center and maliciously encrypt and hold for ransom as much of your company as they can.
In order to effectively handle some of these malevolent attacks, you can’t be standing still. The whole history of dark-side hacking, breaches and generalized wreaking of havoc paints a storied picture of never standing still. Because once something is proven as technically possible, the very next thought by highly sophisticated hackers is instantly “How can this be extended?!”
Almost all hacks start out as “let’s try something” attempts. Initially even conceiving of a new vector often takes intimate and expert knowledge of the target (usually operating system, but sometimes a target language flaw or other kind of architecture). But once a potential vector is exposed as having validity, it’s game on. There’s the initial hack, and then all the “mods” (modifications) that go with it come like a flood. (Reference the attached graphic associated with this article.)
Ransomware is no different. Just when you think you’ve got the attack scheme and the attack vector figured out, so many mods are hitting you that it makes your head swim. I’m seeing some articles, well-meaning, that state “if you just do this, this and this, you can stop ransomware.” If you do those things, yes, you can stop the ransomware of today or the ransomware of last week. But you won’t be doing much to stop the ransomware of next week or next month, or the ransomware that’s coming out in three months.
Hackers are always thinking fifteen steps ahead. It’s time we started doing the same. Here are some things to “look forward to” and expect when it comes to ransomware. A lot of these mods are already in the wild! But if they are not, you can be sure, hackers are already working on these: