Bank-Hacking Gang Dridex Ramps Up, Branches into Ransomware

In January, the FBI warned of the rise of ransomware. "Ransomware has been around for several years, but there's been a definite uptick lately in its use by cyber criminals," the agency said in a press release.

"Everybody's getting more into ransomware, why wouldn't you?" Krebs said. "It's a no-brainer. Two percent of the people pay. You just have to be prolific, that's all."

Right now, such attacks are opportunistic, Krebs said. "The ransomware attacks will get a lot more expensive, and soon," he said.

Sjouwerman is certain banks are being targeted by the ransomware.

"You will never find a bank that's willing to admit it has been targeted, has been infected and paid a ransom," he said. "That would be an immediate loss of half their deposits. It ain't going to happen. However, I'm sure they're being targeted."

And ransomware has dangers beyond the initial computer it hits.

"They're not just trying to infect your workstation and lock your files on your workstation; they're trying to go for any network drive they can find," Sjouwerman said. "That's where the risk is. This is what happened at Presbyterian Hospital in Hollywood."

Why People Fall for It

The Dridex perpetrators have gotten good at disguising malware as an invoice in their phishing attacks.

"If you got a bill in an email that looks like it came from someone you did business with, you're liable to click on it just to see what's going on," Haley said. "That's one of the things that make these guys so effective."

Krebs said in some cases, hackers will post fake resumes on job boards and collect the emails of people who respond to them — people in charge of HR and hiring.

"They target those people with phishing, so they can get access to their accounts and before you know it they've spammed the world with this stuff," including the people applying for the jobs, he said. "It's easy to say, 'Why do people click on this stuff?' But if you've been out of work for six months and you're looking at being able to make your rent payment, and someone offers you a work-from-home job to make two grand a month, a lot of people would say, 'Hey, that's exactly what I need.' They're not asking too many questions."

It's also easy for malware to exactly spoof an email address, Sjouwerman pointed out, as he sent me an email that appeared to be from my own account. An email directly from your boss's or CEO's email address is hard to ignore.

The Best Defenses

Attacks like Dridex are hard for banks to block because they have no control over their customers' computers. They can, of course, try to stop the malware from creeping into employees' desktops. Education and two-factor authentication are the two best ways to prevent employees from clicking on malicious email attachments.

"Defense in depth starts with the outer layer — the mushy, human layer of policy, procedure and awareness," Sjouwerman said. "If you get a request from your CEO, it's OK to say no to your CEO and double-check and text or call him. You need to have a policy in place." He also advises conducting phishing tests to see if employees will click on things they shouldn't.

To fight ransomware, Sjouwerman recommends blocking all emails with .zip extensions or macros at the email gateway level. He also suggests disabling Adobe Flash Player, Java and Silverlight if possible, as these are used as attack vectors.
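
One way the gateway rule described above could be expressed, as an added example that is not part of the original article or any vendor's product: a Python check that flags .zip attachments and Office documents carrying a macro part. The function names, sample addresses and filenames are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"  # local file header that starts a non-empty ZIP
OOXML_EXTS = (".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm")

def has_vba_project(data: bytes) -> bool:
    """True if an OOXML container carries a VBA macro part (vbaProject.bin)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def block_reasons(raw: bytes) -> list:
    """Return why a message should be blocked; an empty list means deliver."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        is_zip = data.startswith(ZIP_MAGIC)
        if name.endswith(OOXML_EXTS) and is_zip:
            # Office files are ZIPs too: inspect content, not the extension,
            # so a macro document renamed from .docm to .docx is still caught.
            if has_vba_project(data):
                reasons.append("macro:" + name)
        elif name.endswith(".zip") or is_zip:
            # Catches archives renamed to another extension as well.
            reasons.append("zip:" + name)
    return reasons

def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {member name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()

def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed message with one attachment; addresses are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "ap@example.com", "Invoice"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Legacy OLE2 Office files (.doc, .xls) can also carry macros and need a separate parser; this sketch does not cover them.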

Fraud detection software is the next line of defense, to spot the signs of unusual activity and block fraudulent money transfers.

But perhaps the best defense against ransomware is good backup. If a company knows its files and applications are well-replicated, it can say no to a ransom demand, shut down the infected machine and start fresh on a new computer.

There are and will continue to be other threats to online banking security. Mastering a defense against Dridex could go a long way toward deflecting others.

Editor at Large Penny Crosman welcomes feedback at penny.crosman@sourcemedia.com.