Tag Archive for: stopping
Researcher takes on ransomware and the products for stopping it
Ransomware, one of the most troublesome forms of cyber attacks, is in the crosshairs of a leading cybersecurity research outfit. The researchers at the MITRE Corporation’s Engenuity program recently called for industry to help find out the effectiveness of cybersecurity products designed to help stop it. For the answers, the Federal Drive with Tom Temin spoke with William Booth, the general manager of MITRE’s evaluations program.
Tom Temin: And just a brief word on the Engenuity program, which is one of the major channels of MITRE’s work. And then tell us a little bit about the program that you specifically run for evaluating software.
William Booth: Yeah. So I run ATT&CK Evaluations, which is born out of and based on the MITRE ATT&CK framework, which is really a way of describing cybersecurity tactics and techniques used in the real world. And we take that knowledge base and we apply it through evaluations to all the leading cohort of cybersecurity products.
Tom Temin: In other words, you try to make sure that the products out there actually match and can take on what you know to be the real threats.
William Booth: Yes. And that people have insights and a reference for performance on how they’re doing, both on the detections and on the protection side.
Tom Temin: All right. And now the latest call out for industry to join with you, you’re looking at specifically what problem and what types of software?
William Booth: We’re mostly focused this time on ransomware, which continues to be a leading issue both for private and for government. And so we’re tackling that through slightly different than before where we chose a single adversary. Here we’re using an amalgamation of multiple very prevalent and relevant ransomware attacks. And in addition to that, we’re also, for the first time, introducing macOS, which is going to be focused on the DPRK’s activity. Recently, there’s a lot of products out there that cover Windows and Linux and also have Mac, but that’s kind of unknown right now on performance and where the benchmark is. And so we’re hoping to set that.
Tom Temin: So the North Korea then is going after Macs for ransomware. And are they generally going after…
Justice ‘Hacked the Hackers’ of Hive Ransomware, Stopping $130M in Demands
After a months-long effort, the Department of Justice has disrupted the Hive ransomware group—which the FBI labeled a top 5 ransomware threat—according to an announcement on Thursday.
The efforts of the DOJ and international partners “hacked the hackers,” hindering $130 million in ransom demands, according to Deputy Attorney General Lisa O. Monaco.
Hive ransomware group went after more than 1,500 victims in 80-plus countries, the announcement noted. Victims included hospitals, school districts, financial firms and critical infrastructure.
These attacks have greatly disrupted victims’ operations, such as impacting a hospital’s response to COVID-19, the DOJ stated. Specifically, one hospital had to use analog methods to treat existing patients and could not accept new patients after the attack.
“Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” Attorney General Merrick B. Garland said in a press release. “Cybercrime is a constantly evolving threat. But as I have said before, the Justice Department will spare no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack. We will continue to work both to prevent these attacks and to provide support to victims who have been targeted. And together with our international partners, we will continue to disrupt the criminal networks that deploy these attacks.”
The FBI infiltrated Hive’s networks in July 2022 and remained to capture the group’s decryption keys. The FBI provided more than 300 decryption keys to victims under attack and more than 1,000 decryption keys to previous victims, preventing victims from having to pay $130 million in ransom demands. Beginning in June 2021, the ransomware group was able to extort more than $100 million in ransom payments, before the FBI operation.
As noted in the announcement, Hive utilized a ransomware-as-a-service, or RaaS, model that included administrators—occasionally called developers—and affiliates. According to the announcement, RaaS is a…
Ransomware gangs are hitting roadblocks, but aren’t stopping (yet)
Ransomware attacks are in decline, according to reports by several cybersecurity companies. Why is that?
More effort for less pay
In its mid-year 2022 Cyber Threat Report, SonicWall notes that there has been a global 23% drop in ransomware, “as geopolitical forces, volatile cryptocurrency prices, and increased government and law-enforcement focus impacted both who cybercriminals chose to attack and how well they were capable of carrying out those attacks.”
After witnessing many high-profile destructive attacks, companies have also been hardening their defenses, putting another obstacle in front of ransomware groups.
Among the reasons for the decline could also be that fewer organizations are willing to pay a ransom: According to Coveware, in Q1 of 2019, 85% of the cases they handled ended in the cyber criminal receiving a ransom payment, and in Q1 2022 that percentage fell down to 46%.
In Q2 2022, the median ransom payment also went down by 51% from Q1 2022.
“This trend reflects the shift of RaaS affiliates and developers towards the mid market where the risk to reward profile of attack is more consistent and less risky than high profile attacks. We have also seen an encouraging trend among large organizations refusing to consider negotiations when ransomware groups demand impossibly high ransom amounts,” the company shared.
To pay or not to pay?
Two US states (North Carolina and Florida) recently prohibited state agencies, counties and municipalities from paying a ransom in response to a ransomware incident. North Carolina’s prohibition even extends to public schools and universities. BakerHostetler counsel Benjamin Wanger and associate Elise Elam say that they “expect to see similar laws introduced and/or passed in several additional states.”
Whether that’s a good move remains to be seen, but even IBM Security’s 2022 Cost of a Data Breach Report notes that, oftentimes, it doesn’t pay to pay the ransom.
“Ransomware victims in the study that opted to pay threat actors’ ransom demands saw only $610,000 less in average breach costs compared to those that chose not to pay – not including the cost of the ransom. Factoring in the high cost of ransom…