Ransomware Costs Victim One Million Dollars
A story that’s going to get a lot of ink and airtime in one form of media or another is the news that a South Korea web host – Nayana – paid out one million dollars to a hacker … or a group of ‘em – who effectively shut down their entire operation.This ransomware called Erebus (pronounced Airy Bus) started making the rounds last September and targets Linux servers. No doubt this has set off all kinds of alarms in the Linux server world. Web hosts are probably scurrying about making certain they’re protected from this nasty code which has been pretty much limited to South Korea – so far.
But a million dollars? Is this a sign of what’s to come? These guys knew what they were doing and knew that they were going to be affecting a business operation – not a home user. This may not be the first million-dollar ransomware case … it may only be the first that’s been announced to the press. Think about it … how many mega companies would want to admit they paid a kabundle of money to rid themselves of ransomware? I can’t imagine there are many that would.
Sooooo…. expect the cost of rescuing domains and networks from ransomware to go up – lots … lots and lots, for targeted victims. Home users? Eh … not so much. The prize is going to be huge corporations and the challenge for their IT department will be keeping the bad boys out of their systems.
And therein lies the rub. Companies are starting to figure out that their security needs aren’t really being met … or that their IT staff just may not be up to that challenge. Yah! Just because one wears the mighty badge of a CompTIA A+ certified technician doesn’t mean that individual knows one thing about adequately protecting your network.
Same goes for other security specific certifications. You can pile them far and wide, but just because an individual has earned a CISSP this or GIAC that, SSCP – or any one of countless other certs available out there does not mean he or she is fully capable of competing with the guiles and the Wiley ways of dedicated and intensely focused network hacker or attacker.
Unless a corporation has a team of amazing talent whose skills excel far beyond anything taught in a book or earned by a cheesy certificate major security breaches will continue to be among the leading headlines. You see, the cybersecurity skills aren’t quite up to matching the talent of the competition – and they never may be.
And here’s a great example of why the average IT tech’s security game may not be good enough. Retail store Buckle has come to the awful realization that hackers were perusing their cash registers for several months and have had to advise their customers their credit card data was probably compromised. Malware located on their point of sale equipment was the source of the breach … and Buckle officials still don’t have any idea how many cards were compromised. Yikes.
The harsh realities of this topic? We’ll never fully understand the malicious minds that develop the viruses, malware and ransomware … but the intent and end result is always clear. If it isn’t mayhem of one sort or another (well, it’s always mayhem), it’s the ability to intrude, observe, steal data, or shut your business down.
You buy great antivirus packages, maybe you’ve got malware protection (you really should) and you also pay a little more for ransomware protection as well (and recent news headlines should dictate you do this too) – and we’ll still never be able to stop all the bad guys.
Visualize this if you would. We put up brick walls and these black hats are grabbing sledgehammers and beating holes in the walls. If the digital sledgehammers don’t work they grab other utilities and tools and keep working on those walls until they’re able to break through them. Most IT experts aren’t alerted to the fact that there’s a problem I their system until after the damage has been done and the bad guys have ransacked the place.
You can’t necessarily blame the software vendors either. Microsoft didn’t create those exploits. Apple didn’t intend to put an OS out on the street that contained flaws of one sort or another. Linux developers never expected there would be security holes in any of their bundles.
You see, *exploits* don’t exist until hackers create them. Remember the image of using a hammer and chisel to pick at a wall? Some of the most brilliant minds on the planet trying to find ways to exploit software and create new access paths and back doors into software that didn’t exist and were never intended to be there.
Bottom line, always protect your data. Understand that there are people who would love nothing more than to turn your world upside-down. At home and the office … always take any and all measures to protect your most valuable data. Back it all up and stay current on antivirus, antimalware, and anti-ransomware releases. Whether it’s your personal writing, pictures, or business data – call it treasure and you know its value. Protect it accordingly…
Note: This was a transcript of an audio file posted to YouTube.com and on facebook.
Story Links...
South Korean web host pays largest ransomware demand ever
Digital organizations face a huge cybersecurity skills gap
Hackers stole credit card data from Buckle stores' cash registers