#Infosec16: Cisco’s Martin Lee Discusses Evolution of Ransomware
Speaking at Infosecurity Europe 2016, Martin Lee, technical lead for security research at Cisco, explained that today’s hackers are manipulating age-old theft models and improving them for modern-day cybercrime, with the evolution and widespread use of ransomware a key example.
“Ransomware itself is not particularly old. The very first example dates from the tail end of the 1980s,” he said, and so it is a relatively new technique that cyber-criminals have adopted.
Ransomware is a new model, a new way for cyber-criminals to work, Lee continued, and the industry is constantly having to deal with new variants of ransomware along with increases in the amount of money cyber-criminals request for the decryption of locked data.
In terms of the driving force behind the huge upsurge in ransomware in recent times, Lee argued that “There is an awful lot of money to be made in ransomware,” suggesting hackers are now fully aware just how damaging the loss of vital or personal data can be to a company or an individual.
“Hackers will try to find out the maximum price for your data; ultimately they don’t care, but they know you care about your data so you will most likely pay up”, he said.
There has also been a notable change in activity within ransomware attacks, Lee added. More and more hackers are now adopting a B2B approach and targeting businesses rather than individuals, as they know there is far more money to be made by hitting this lucrative market.
However, Lee argued that ransomware is, in fact, fairly easy to defend against if you are regularly using workable backups, although it is important that these are carried out from a holistic viewpoint that takes into consideration factors like delivery, exploitation, installation and recovery.
“If you can block ransomware early on, then it cannot get the key, and the malware cannot activate”, he said.
To conclude, Lee argued that the most important factor in defending against ransomware is having a structured plan in place and knowing what you need to do if you are hit.
Source: Information Security Magazine