Digital Guardian's Blog

Ransomware Moves to the Next Level



If you’ve been paying any semblance of attention lately, you’ll know that ransomware activity is reaching epidemic levels. It’s pretty much out of hand, honestly. And unfortunately, there doesn’t seem to be any great defensive hope on the horizon.

Hard data on the number of ransomware attacks and the amount of money that victims are paying is difficult to come by, but researchers at Kaspersky Lab recently published some numbers that are pretty alarming. The company’s data shows that crypto ransomware attacks increased by more than 500 percent last year, with more than 700,000 customers being hit by some form of the malware. That’s an enormous number of potential victims, and that’s just one company’s customers. You can probably multiply that number several times over and still be on the conservative side.

Attackers have taken to going after enterprises with their ransomware too, knowing that it’s prudent to go where the big money is. Those attacks are now beginning to take on new and truly scary forms. Take the recent attack on an orthopedic clinic as an example. The attacker compromised the clinic’s network, by using an RDP vulnerability, he says, and stole massive amounts of patient records, business data, and other information. But rather than simply encrypting a few machines and demanding a couple thousand dollars in ransom, he sent a highly detailed ransom letter to the clinic’s director, complete with information about the director’s family and samples of the patient data he stole.

The attacker threatened to release the clinic’s data publicly unless the clinic paid a ransom of 250 Bitcoin. That’s a brutal choice for a small business. Pay an enormous ransom that could financially ruin the company or see your patients’ data released. Either way, the business is likely finished.

On the consumer side of the coin, there are now ransomware variants that are using some of the same tactics. A version of the Jigsaw ransomware now has a function that not only collects victims’ passwords, chat histories, and other personal data, but also threatens to send that information to the victims' contacts if the ransom isn’t paid. In this case, the ransom is $5,000, a huge price for any victim.

Where does this end?

There’s no logical conclusion in sight. But there are plenty of other avenues for ransomware attackers to go down. The possibilities are virtually endless. Think about the potential that a connected car offers for a ransomware author. Or a house with a home automation system. Locking up a victim’s car or home with ransomware would raise the stakes to a much higher level. Some current ransomware victims have backups for the data on their laptops, so they can ignore the ransom demands. But no one really has an answer for a compromised car or house.

Medical devices, ICS systems, autonomous cars. These are all juicy and natural targets for the ransomware gangs. They’ll get theirs eventually, and when they do, odds are that the targets won’t be ready.

Dennis Fisher


Dennis Fisher is editor-in-chief at Duo Security. He is an award-winning technology journalist who has specialized in covering information security and privacy for the last 15 years. Prior to joining Duo, he was one of the founding editors of On the Wire, Threatpost and previously covered security for TechTarget and eWeek.