“The continued survival and future of your organization cannot be based upon negotiations with criminals,” was the stark message given by Tanner Johnson, principal analyst of OMDIA, during his session at Black Hat Europe 2021.
Titled ‘Ransomware: The New Terrorism,’ the session was dedicated to ransomware and covered its history, the evolution of the threat, response challenges, escalation to terrorism and mitigation practices.
History of Ransomware (As We Know It)
Johnson’s analysis of the history of ransomware (as we know it) started on the concept of ransom, one with a long history spanning the globe and covering thousands of years: “criminals hold an entity hostage to extort money for its release.” Once stolen, “the criminals provide an official request outlining their demands for the release of said items,” explained Johnson. While ransoms have historically been tied to physical items of value, “they demanded physical logistics.” Focusing instead on today, as we have transitioned into an information-driven society, our dependence on access to data has only burgeoned.
Evolution of The Threat
“How, though, has the threat evolved?” pondered Johnson. “The proof of concept shown from the AIDS Trojan illustrated just how viable this criminal tactic was,” remarked Johnson. As encryption technology evolved, adversaries designed their own advanced ransomware toolkits. “The inception of cryptocurrency technology ushered in the modern ransomware challenges we face today.”
As many know, within 20 years of its first use, criminal ransomware campaigns were regularly making international headlines. This is when the advancement of ransomware as a service utilizing premade toolkits “began to take shape.”
Response Challenges
When focusing on ransomware, many question why responding to ransomware appears to be so challenging. “The severity of the problem has been overlooked or dismissed by organizations within every market since its creation,” rued Johnson. He continued that a central problem is visibility, “which is a crucial component to any security strategy.” Worryingly, “many organizations remain blind.”
Because of this challenge, Johnson claimed that it’s incumbent on organizations to take the initiative to “discover, identify and define their own respective ‘crown jewels’” so they can properly draft an effective incident response.
No tags.
