I had a great conversation today with some colleagues and as we were solving the problems of the world it struck me how much the game has changed over the last few years.
Four years ago, we were working to connect everything we could. Words such as linked, integrated, merged, combined, and connectors were the hot topic in Information Technology.
These days, IT language has changed to segmented, offline, isolation, partition, and distributed. So, what happened in a few short years to completely change the way that we approach technology? Ransomware.
Ransomware rose to prominence in 2012 and really took off in late 2013 with the propagation of CryptoLocker. The use of Bitcoin digital currency to collect the ransom was a huge benefit for criminals because for the first time they had a way to collect the ransom without being caught.
Ever since the days of the abduction of Charles Lindbergh, Jr. in 1932, the challenge for criminals has been how to collect the ransom without being caught. Bitcoin was the solution that the nefarious people of the internet had been waiting on since the idea of using cryptography for data kidnapping was introduced in 1996.
To make matters worse, ransomware proliferated with the use of Ransomware as a Service (RaaS) in late 2016. RaaS is a type of Software as a Service (SaaS) platform available on the internet. Among the many kinds of SaaS provided by tech vendors, ransomware as a service is different as it represents an offering used by criminals to attack IT systems.
Stampado was the first RaaS on the marketplace for just $39. The developers went on to create Philadelphia, a more sophisticated offering priced at $389. Their ad reads “Stampado is a Quick-Deploy Ransomware with a dreamly (sic) price that allows you to start your first campaign in seconds! You do not need servers, and the payment options will be as many as you know, Bitcoin, Bank Transfer, or whatever else. Just run Stampedo and you’ll be presented with a panel where you will find everything you need. Generate builds, create and track campaigns, decrypting individual files (for victims that want proof that you will do so once they pay), and generate Decryption Keys.” The software is readily available on the Dark Web and is accompanied by links to production-quality videos on YouTube. The creators even offer online support for customers to ask questions and troubleshoot any issues.
So, cities and counties that were working to tie all sites and services together are now working frantically to ensure that if one entity is hit with ransomware, other areas are not affected. When Atlanta was hit with ransomware in 2018, many city services and programs were affected by the attack including utility, parking, and court services. City officials were forced to resort to manual processes that included completing paper forms by hand.
Businesses that were working to integrate their data with partners and their regional offices are working to segment the systems and disconnect the connections between locations. The ease of centrally managing systems has been replaced with the fear that ransomware can propagate to all connected systems and services.
The FBI advises not to pay a ransom, in part because it does not guarantee you will regain access to your data. In some cases, victims who paid a ransom were never provided with decryption keys. In addition, due to flaws in the encryption algorithms of certain malware variants, you may not be able to recover some or all your data even with a valid decryption key.
If you follow the 3-2-1 rule of backups, you will never have to worry about paying a ransom and will only have to create your remediation plan.
I hope you find this information useful when creating your cybersecurity and data recovery plans. Let us know if our team can assist in ensuring that you and your team are well prepared.
Disclaimer: The above information is not intended as technical advice. Additional facts or future developments may affect subjects contained herein. Seek the advice of an IT Professional before acting or relying on any information in this communiqué.