Ransomware is becoming a very popular way for cyber criminals to make money. While cities and individuals put firewalls and other protections in place, the hackers are slipping through those protections with ease.
Linda Hamilton is the client operation manager for the data recovery firm Proven Data. She said attacks used to be simple, easy to spot and straightforward. “That’s not the case anymore. We’re seeing more and more hackers moving laterally within systems. They’re getting smarter, turning off anti-virus systems, and creating domain controller accounts to gain complete access to systems. They’re generally doing a lot more damage than they used to,” she said.
Mark Congionti is the operations president of Proven Data. He said ransomware hackers mostly target hospitals, government agencies, schools and manufacturers. That is where they can most easily mine the most sensitive data.
“Hackers are specifically targeting larger organizations because they’re able to demand a higher ransom fee. They’re also tending to target countries where they think they can extort more money, so places like the US, the UK and Canada where there are higher costs of living, higher wages and so on,” Congionti added.
He says most hackers are from a few countries like Russia, Ukraine, North Korea, China and India.
Like most cyber-attack experts, Victor Congionti, who is the CEO of Proven Data, says people are often the problem when it comes to malware getting into a system. Hackers easily break into email address books, then use the addresses they find to send phishing campaigns to those contacts and then to the addresses gathered from them in turn.
“Ransomware is only going to become more sophisticated, we expect hackers to start using machine learning and artificial intelligence to develop ransomware variants that evade anti-virus with ease,” he said.
And if you haven’t heard, Russian computer hackers have invaded thousands of home and office routers. The FBI says — if you haven’t done this already — shut off your router and make sure you download or have downloaded any updates from the manufacturer.
Assistant Attorney General for National Security John Demers said the FBI was able to seize the website, run by the Russian government-backed Sofacy, that would have controlled the routers, but the infections are still present in those routers.
“This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities,” he said.
By the way, most of the affected routers are ones bought at electronics stores, not ones provided by network providers.
Source links: Insurance Business America, Insurance Journal, Business Insurance