This week saw thousands of private photos leaked online, following the hack of a Lithuanian cosmetic surgery clinic. The cybercriminals, who have dubbed themselves the ‘Tsar Team’, have leaked images they claim come directly from the Grozio Chirurgija clinic services.
This follows the group holding the images, many of which were sensitive in nature, to ransom. Dozens of people approached local law enforcement to report that they were being blackmailed by the hackers. After failing to get the clinic to pay between €50 ($55, £44) and €2,000 ($2,236, £1,747), payable in Bitcoin, the hackers moved on and targeted individuals, asking for payments of between €50 ($55, £44) and €2,000 ($2,236, £1,747), again payable in Bitcoin, with prices fluctuating depending on the sensitive material the hackers were holding.
After the exorbitant ransom demands went unmet, the images were dumped on the Dark Web.
This is just one of the many ransomware attacks we have seen in 2017 so far; just weeks ago, the NHS and the rest of the world were held to ransom by WannaCry, the origin of the hack still unknown. Terry Ray, chief product strategist at Imperva, believes that ransomware is so prevalent because of how financially rewarding it can be. He says: “Surging in popularity, ransomware is now one of the most profitable types of malware attacks in history, and the FBI said they expected ransomware extortion payments to hit $1 billion in 2016. Cybercriminals have discovered how financially rewarding—and easy to use—it can be, especially against larger targets with business-critical data stored on file shares. In the decade since its initial appearance, the ransomware extortionate has evolved from a collection of ad-hoc tools implementing an unripe idea and run by callow hackers, to a smooth and highly efficient ecosystem run by professionals and filling the hacker’s most desired void: the path from infection to financial gain.”
He goes on to explain: “In the past, ransomware did not appear on the threat list for organizations, mostly due to their backup systems and recovery procedures for data loss situations, which were designed with natural disasters in mind, but could be useful for ransomware as well. This situation has changed drastically with the recent explosion of ransomware attacks. Now it is hard to tell whether these infections occurred randomly (such as when an individual opens an infected personal e-mail), or if the attack has been carried out intentionally by someone deliberately looking to cause damage to a company. Another possibility is that a bad actor could enlist a user-friendly ransomware service that can be easily deployed with very little technical skill, known as ransomware-as-a-service.”
From this, it is clear that the threat posed by ransomware is not going to disappear quickly, or without a fight, and hacks like the one committed by the ‘Tsar Team’ this week are still a huge concern. The good news, however, is that there are in fact several effective ways to defend against ransomware, as Terry Ray explains: “The history of cyber events has taught us that as good as perimeter and endpoint protection may be, security officers should assume that eventually the attackers will find their way in. Data breaches and ransomware attacks both have a common meeting point, which is the place where data resides. A critical line of defence for both types of attacks is the security controls where this data is stored—databases, files and cloud applications—and in the applications through which it is accessed. Such security controls, which include monitoring access, specifically around data modification and detection of suspicious anomalies in access patterns, will facilitate early detection of ransomware attacks and immediate isolation of the suspicious endpoint to prevent the encryption or hostage of the files.”