FireEye revealed a sharp spike in cyber attacks aimed at extortion, marked by an increase in ransomware attacks. FireEye found that ransomware detection in India rocketed by a factor of 292 in February 2016 over November 2015, paralleling the steady growth of this threat globally.
Ransomware is a type of malware that renders the victim’s computer or specific files unusable, and demands a ransom from the victim in return for a cryptographic key which can be used to restore the computer or decrypt the encrypted files.
Online virtual currencies are preferred methods of payment because they are not easily traceable. Since the average ransom demanded from an individual user is relatively low, threat actors distributing ransomware typically follow the “spray and pray” tactic of sending out as many lures as possible emails with malicious attachments or links to malicious websites to maximize their potential gains.
Relatively high profit margins coupled with the relatively low overhead required to operate a ransomware campaign have bolstered the appeal of this particular attack type, fueling market demand for tools and services corresponding to its propagation. For example, in 2015 FireEye observed a small-scale ransomware operation that nevertheless likely netted the perpetrators about $75,000.
The success of prolific ransomware families such as CryptoWall has provided a blueprint for aspiring ransomware developers, showcasing increasing profit margins and campaign sustainability. FireEye Threat Intelligence observed CryptoWall generate illegal gains of USD one million over a six-month period in 2015.
The emergence of several new ransomware variants adopting a ransomware as a Service (RaaS) framework since mid-2015, a phenomenon likely driven by the competitive development of quality goods and services within the cyber crime ecosystem. RaaS offerings are highly likely to fuel an increasing number of ransomware infections.
Consumers are exceptionally vulnerable to these attacks. Even small and midsized businesses in India typically lack sophisticated security technologies which can effectively block this malware. Some ransomware is likely to get through, and this can be costly. FireEye has received many inquiries by firms in this situation.
Enterprises which use technologies which can detect advanced cyber attacks are likely to fair better than those that do not. Firms still relying on signature-based detection are likely to face challenges.
Bryce Boland, CTO, APAC, FireEye, said, “Ransomware has become a major problem in India and across the wider region. FireEye has been inundated with inquiries from businesses. Unfortunately, by the time ransomware encrypts your files and holds them for ransom, the damage is done and it’s too late to take preventative steps. Attacks on some organizations can result in major disruptions to important services. Ransomware isn’t going away, in fact attackers will continue to evolve it to make it more sophisticated. It’s important that organizations assess business risks posed by ransomware and more sophisticated advanced cyber attacks.”