printer friendly version

Is business the next target?

In the last 18 months, ransomware has emerged as a serious tool for cybercriminals and has developed into a growing concern for security-savvy citizens and business chief information security offers (CISOs).

Carey van Vlaanderen, CEO of ESET Southern Africa.

Described by some as the virus ‘that blackmails you’, ransomware essentially blocks access to your files, while simultaneously demanding payment in return for restoring access – an attack that can earn cybercriminals big money.

A large number of ransomware variants have come and gone in years gone by, from those that encrypt your hard drive in exchange for bitcoin payments, to those which simply try and scare the user into coughing up their money. By far, the most dangerous type of ransomware this decade has been Cryptolocker, which has already infected half-a-million PCs. It was also big enough for the FBI and Europol to get involved and they eventually brought down the criminal’s computing infrastructure behind the ransomware.

To date, however, most victims have been random citizens, infected by a phishing e-mail, spam or a fake software update. It may also arrive via a drive-by-download attack on a bogus or spoofed Website. Users are usually infected after clicking a link or opening an attachment, and the virus will then look to encrypt the hard drive. The ransomware alert will appear on screen and cannot be minimised. At this point, the attacker(s) will request a ‘modest’ amount of bitcoins for the files to be unlocked.

The danger in paying is that there is no guarantee that the cybercriminals won’t return for another payday. The best bet is to go back to your most backed up files.

The question is: could ransomware be used to hit organisations that hold the most capital – that is, the banks? Up until this point, the answer has been a straight ‘no’. Banking defences are better than most other sectors, and the only ransomware to target banks was actually aimed at their customers, mainly through phishing emails.

However, recently there have been signs of change. Last month, researchers indicated that three Greek banks were targeted with bitcoin ransomware, with attackers from the Armada Collective requesting a grand sum of €21 million to decrypt the files. And while it was not strictly ransomware, an individual going by the name of Hacker Buba also demanded a ransom of $3 million after penetrating the defences of a small bank in the UAE, InvestBank. He was foiled, although his plan was to release customer data until payment was received.

These attacks are currently few and far between, but with ransomware authors creating new variants which target Window and Mac, mobile devices, YouTube ads and now, encrypt entire websites, you can be sure that bank defences will be tested by ransomware for a long time to come. The one million dollar question is whether banks can do enough to keep them out.

Share this article:

Further reading: