Ransomware Evolution is Remarkable and Creepy

28 Nov


I’m a fan of art that inspires…but the combination of this image and the JIGSAW ransomware it’s associated with just gives me the creeps.

Creepy message from Billy the Puppet, displayed on execution of JIGSAW ransomware

I’m sure you’ve seen a lot of news lately about ransomware. This malicious software that encrypts the files on an infected computer and then requires a ransom payment from the victim to recover them has become one of the hottest security topics today. As I’ve watched it evolve, I find its advancements both in sophistication and in the type of systems being targeted to be really quite remarkable.

While ransomware initially focused on PCs belonging to individuals, it has rapidly evolved in sophistication and in the type of systems it targets – with corporate servers now being a major focus. The FBI recently issued a warning that ransomware variants have begun targeting specific business servers with the objective of identifying and targeting additional hosts to infect. This technique multiplies the number of servers to potentially hijack, thus maximizing ransom amounts.

The FBI further warns that some corporate victims of this type of attack have not been provided the decryption keys for all their files after paying the initial ransom amount, and have been extorted for more money to complete the decryption.

Some crimeware (Jigsaw, Stampado, Philadelphia and maybe more) deletes random files every hour, doubling the number of files deleted each hour until the ransom is paid. Users are also punished with additional files being deleted each time they reboot their system in an attempt to rid themselves of the beast.

Ransomware is also evolving in many other ways. It’s now available as complete, off-the-shelf crimeware packages, or crimeware-as-a-service. So even cyber criminals with very limited technical skills can launch advanced ransomware campaigns using a point-and-click user interface.

Some of the ransomware tools have even evolved to make specific targeting relatively simple. Fill-in-the-blank fields for industries, geographic locations, and even the names of specific corporations or entities to attack make these tools very appealing to both seasoned and budding criminals. At least one ransomware package guides users with suggestions regarding how much ransom to charge based on the industry and location. For example, those being extorted in the U.S. are charged much more than a company in Latin America.

Some of the tools even provide money laundering services, with anonymized methods for collecting the ransoms already set up.

There is some good news. As bad as ransomware is, like any malware it has to be installed. That usually happens through compromised user accounts, and typically takes some time to pull off. When UEBA (user and entity behavior analytics) is used to monitor how user accounts are being used, anomalous behaviors are very effective indicators that something is up and that unauthorized programs like ransomware are being installed.

Even the most evolved and sophisticated ransomware can be thwarted if the initial anomalous behaviors of compromised user accounts are detected and reported, and the accounts are disabled, in a timely fashion.
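A minimal sketch of the per-account baseline idea behind the UEBA monitoring described above, added here as an illustration and not taken from Fortscale or any UEBA product: it learns which hosts, programs and hours are normal for each account, then flags deviations, including an account reaching several additional hosts. The event tuples, account and host names, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (timestamp, account, host, program started).
BASELINE = [
    ("2024-01-08T09:05", "alice", "ws-014", "excel.exe"),
    ("2024-01-08T08:50", "bob", "ws-022", "chrome.exe"),
    ("2024-01-10T16:40", "bob", "ws-022", "outlook.exe"),
]
OBSERVED = [
    ("2024-01-15T09:20", "alice", "ws-014", "excel.exe"),
    ("2024-01-15T02:11", "bob", "fs-01", "cmd.exe"),
    ("2024-01-15T02:14", "bob", "fs-02", "cmd.exe"),
    ("2024-01-15T02:19", "bob", "db-03", "updater.exe"),
]

def new_profile():
    return {"hosts": set(), "programs": set(), "hours": set()}

def build_profiles(events):
    """Per-account baseline: hosts, programs and hours of day seen so far."""
    profiles = defaultdict(new_profile)
    for ts, user, host, program in events:
        p = profiles[user]
        p["hosts"].add(host)
        p["programs"].add(program)
        p["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(profiles)

def score_events(profiles, events, hour_slack=1):
    """Return {account: [(timestamp, reasons)]} for events outside the baseline."""
    findings = defaultdict(list)
    for ts, user, host, program in events:
        p = profiles.get(user, new_profile())  # unknown account: everything is new
        hour = datetime.fromisoformat(ts).hour
        reasons = []
        if host not in p["hosts"]:
            reasons.append(f"new host {host}")
        if program not in p["programs"]:
            reasons.append(f"new program {program}")
        if all(min((hour - h) % 24, (h - hour) % 24) > hour_slack for h in p["hours"]):
            reasons.append(f"unusual hour {hour:02d}:00")
        if reasons:
            findings[user].append((ts, reasons))
    return dict(findings)

def accounts_to_review(findings, min_new_hosts=2):
    """Accounts that reached several never-before-seen hosts in the window."""
    return sorted(u for u, items in findings.items() if len(
        {r for _, rs in items for r in rs if r.startswith("new host")}) >= min_new_hosts)
```
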

Lynn Strand
Lynn is currently VP of Marketing at Fortscale. With over 19 years' experience in the security industry, she has a deep understanding of fraud prevention, security technology, and SaaS solutions.

For over 20 years, Lynn has been creating and executing marketing programs that inspire people to take action. Well known for her excellent track record in generating and nurturing leads, her success comes from understanding how to develop integrated marketing campaigns that build brands and drive revenue.

Before Fortscale, Lynn was president, creative director, and senior security marketing consultant at Positive Impact Partner, Inc. and director of international marketing at ThreatMetrix. She has a BS in human development from the University of California-Davis.
