How Hard Is It To Become A Cyber-Criminal?

According to a recent article on Naked Security, not at all hard.  While at Black Hat in Las Vegas, researchers from Sophos gave a presentation that dissected the “Philadelphia” ransom software as a service (SaaS) model.

Anyone can buy the Philadelphia ransomware kit on the Dark Web for $400.  And for this nominal investment, the would-be attacker gets a simple executable file that sets up the whole system automatically.  The package includes:

  • A command and control server (CNC or C2) to communicate with victims and manage operations, including statistical analysis and payments from victims.
  • Samples of ransomware phishing emails, and the ability to create and customize these emails.
  • This kit comes with a number of additional features and capabilities.
    • Mapping victims’ locations on Google Maps
    • A “give mercy” feature in case you need to undo an attack for some reason
    • The ability to customize the extortion notice
    • A feature called Russian roulette, that deletes some files after a certain time frame to motivate victims into making quicker payment.

If you want all the details, click over to Naked Security for the full story.

To protect yourself from this and similar exploits, we recommend:

  • Don’t open unexpected attachment without confirming the attachment with the sender, or forwarding the email and attachment to VirusTotal for analysis.
  • Don’t enable macros for document attachments or document links in emails. Macros are disable by default for security purposes, and enabling macros can open the door to malicious software installation.
  • Backup your documents and store a copy off-site, so if your documents are encrypted by ransomware, you can restore from your backup.
  • Install Microsoft and other software updates to close security holes as they are discovered.  Both the recent WannaCry and Petya/Non-Petya exploits can be prevented by a Windows update released last March.
  • Use Sophos Intercept X, a security applications specifically designed to recognize and neutralize ransomware attacks.  This is a product we recommend to our clients.

 

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.