Ransomware is on the increase, and while most threats request money in return for encrypted files, hackers are using other ways to extract payment from their victims, explains DOROS HADJIZENONOS, country manager, Check Point South Africa.
Ransomware is an ever-increasing threat worldwide, claiming new victims on a regular basis with no end in sight. While most ransomware families prevent the victims from accessing their documents, pictures, databases and other files by encrypting them and offering a decryption key in return for a ransom payment, others use different, but no less creative ways to extract payment from their victims. Here are some examples:
Smart devices are known to be a soft spot targeted by threat actors for various purposes. In August 2016, security researchers demonstrated their ability to take control of a building’s thermostats and cause them to increase the temperature up to 99 degrees Celsius. This was the first proof of concept of this kind of attack, showing a creative way to put pressure on victims and drive them to pay ransom or risk consequences such as a flood or an incinerated house.
In November 2016, travellers in the San Francisco MUNI Metro were prevented from buying tickets at the stations due to a ransomware attack on MUNI’s network. In this case the attackers demanded $70,000 in BitCoins. In January 2017, a luxurious hotel in Austria was said to suffer an attack on its electronic key system, resulting in guests experiencing difficulties in going in or out of their rooms. The attackers demanded $1,500 in BitCoins. Whether or not this story is accurate, it demonstrates how creative this type of attack can get.
The growing use of IoT devices will likely make this attack vector more and more common in the future. For example, the potential exploitation of vulnerabilities inside smart, implantable cardiovascular defibrillators, can allow an attacker to put a victim’s life at risk until the ransom is paid. As IoTs become more widespread in our everyday life, threat actors will find new, horrifying ways to subjugate victims for profit.
Hostage data ransomware
A more direct approach is to steal data from victims and threaten to expose it unless a ransom payment is received by a certain deadline. This generic modus operandi has been used by different malware families and campaigns. For example, in May 2016, over 10 million customer records of a leading South Korean online shopping mall were stolen, including names, addresses and phone numbers. The attackers demanded a ransom of $2,664 in BitCoins to prevent release of the information online.
Another example is Charger, a screen-locker Android ransomware discovered by Check Point researchers in January 2016. The attackers threatened to sell stolen data from targeted devices unless they receive a ransom of 0.2 BitCoins (approximately $180). The malware is embedded in a mobile app named EnergyRescue, downloaded from Google Play.
Another method for attackers is threatening to conduct a denial of service attack unless a ransom is paid. With the growing use of botnets for DDoS attacks, this attack vector is especially common against banks, and is very attractive as it is far simpler than developing a ‘traditional’ file-encrypting ransomware. This attack vector made headlines in January 2017 when it was used in an attack against the web portal of the British Lloyds Bank. The attackers issued a DDoS threat with a demand of 100 BitCoins (worth approximately $94,000).
Some ransomware simply prevent victims from using their devices by locking their screens. There are different ways to conduct a screen locking attack, but common features include cancelling all options to close a program or to shut it down. Examples of such ransomware are DeriaLock (December 2016), which targets PCs and demands a payment of $30 for unlocking; and Flocker (May 2015), an Android screen locker which targets smartphones and Android-run smart TVs, and demands an iTunes gift card worth $200 as payment.
Ransomware attacks are a popular way for threat actors to make easy profits, as the payment is made anonymously using anonymous BitCoin wallets rather than bank transfers. The motivation for victims to cooperate is high, as their personal data is on the line. While most ransomware families encrypt files, some use creative ways to drive victims to pay. By preventing victims from accessing their machines, creating real damage or exposing sensitive data, the attackers are able to bypass the complexities of managing an encryption and decryption process. We estimate that the use of alternative ransomware, especially DDoS and IoT ransomware, will keep on growing in the near future, as IoT devices and web services continue to become more widespread.
How to protect yourself
We highly recommend you take these steps to protect yourself from ransomware or mitigate their effects:
- Backup your most important files – Make an offline copy of your files on an external device and an online cloud stage service. This method protects your files not only from ransomware but from other hazards as well. Note: external devices should be used for backup ONLY and be disconnected immediately after the backup is completed.
- Exercise caution – We usually don’t sense any danger while using our computers or other devices, but it’s there. Threat actors are constantly trying to steal your money, your private data and your machine resources – don’t let them have it. Don’t open e-mails you don’t expect to receive, don’t click links unless you know exactly what they are and where they lead, and if you are asked to run macros on an Office file, DON’T! The only situation in which you should run macros is in the rare case that you know exactly what those macros will do. Additionally, keep track of the latest major malware campaigns to ensure that you will not fall victim to a new and unique phishing technique or download a malicious app, which can lead to malware installation on your computer or theft of your credentials.
- Have a comprehensive, up-to-date, security solution – High quality security solutions and products protect you from a variety of malware types and attack vectors. Today’s Anti-Virus, IPS and sandboxing solutions can detect and block Office documents that contain malicious macros, and prevent many exploit kits from exploiting your system even prior to the malware infection. Check Point Sandblast solution efficiently detects and blocks ransomware samples, and extracts malicious content from files delivered by spam and phishing campaigns. Installing your IoT devices behind a Security Gateway will keep them safe as well.
Now for hardware-as-a-service
Integrated ICT and Infrastructure provider Vox has entered into an exclusive partnership with Go Rentals to introduce a Hardware-as-a-Service (HaaS) offering, which is aimed at providing local small and medium businesses (SMEs) with quick, affordable, and scalable access to a wide variety of IT infrastructure – as well as the management thereof.
“Despite an increasingly competitive business environment where every rand counts, many business owners are still buying technology-based equipment outright rather than renting it,” says Barry Kemp, Head of Managed IT at Vox. “The problem with this is that the modern device arena has grown in variety and complexity, making it more difficult to manage, and to reduce the overheads of controlling these devices.”
According to Kemp, there is a global trend being observed in businesses moving away from owning and managing IT infrastructure. This started with the move away from servers and toward cloud-based subscription services, and now organisations are looking to do the same with the remaining on-premise hardware – employees’ desktop systems.
The availability of HaaS changes the way in which local businesses consume IT, by allowing them to direct valuable capital expenditure toward the more efficient and competitive operation of their organisation, rather than spending on hardware products.
“The rental costs are up to 50% lower than if they buy these products through traditional asset financing methods. Furthermore, using HaaS gives businesses the ability to scale up and down depending on their infrastructure requirements. Customers on a 12 month contract can return up to 10% of the devices rented, while those customers on 24 and 36 month contracts can return up to 20% of the devices – at any time during the contract,” adds Kemp.
More than just a rental
HaaS gives business access to repurposed Tier 1 hardware from vendors such as Dell, HP and Lenovo, equipped with the required specifications (processor, memory, and storage), and come installed with the latest Microsoft Windows operating system, unless an older version is specifically requested by the customer.
Kemp says: “Where HaaS is different from simply renting IT hardware is that businesses get full asset lifecycle management, such as having all company software pre-installed, flexible refresh cycles and upgrades, support and warranty management and transparent and predictable per user monthly fees.”
The ability to upgrade during the contract period means that businesses can keep pace with the latest in technology without needing to invest on depreciating equipment, while ensuring maximum productivity and efficiency for employees. Returned devices are put through a decommissioning process that ensures anonymity, certified data protection, and environmental compliance.
Businesses further stand to benefit from Vox Care, which incorporates asset management and logistical services for customers. This includes initial delivery and setup in major centres, asset tagging of all rented items, creation, and the repair and/or replacement of faulty machines within three business days – again in the main metropolitan areas.
Vox Care also assists in the design, testing and deployment of custom images, whereby HaaS clients can have the additional programmes they need (security, productivity tools, business software, etc) easily pre-installed along with the Windows operating system, on all their machines.
Kemp says HaaS customers can get further peace of mind by outsourcing the day to day management of their desktop environment to Vox Managed Services, as well as leverage the company’s knowledge and expertise to manage and host workstation backups to ensure business continuity.
Says Kemp: “Hardware-as-a-Service allows businesses to reduce the total cost of ownership of their hardware and ensure they only pay for what they use. Making the switch to a service model helps them take advantage of the global move in this direction, and to turn their business into a highly functional, flexible, low cost, change your mind whenever you want workplace.”
Seedstars seeks tech to reverse land degradation in Africa
A new partnership is offering prizes to young entrepreneurs for coming up with innovations that tackle the loss of arable land in Africa.
The DOEN Foundation has joined forces with Seedstars, an emerging market startup community, to launch the DOEN Land Restoration Prize, which showcases solutions to environmental, social and financial challenges that focus on land restoration activities in Africa. Stichting DOEN is a Dutch fund that supports green, socially-inclusive and creative initiatives that contribute to a better and cleaner world.
While land degradation and deforestation date back millennia, industrialization and a rising population have dramatically accelerated the process. Today we are seeing unprecedented land degradation, and the loss of arable land at 30 to 35 times the historical rate.
Currently, nearly two-thirds of Africa’s land is degraded, which hinders sustainable economic development and resilience to climate change. As a result, Africa has the largest restoration opportunity of any continent: more than 700 million hectares (1.7 billion acres) of degraded forest landscapes that can be restored. The potential benefits include improved food and water security, biodiversity protection, climate change resilience, and economic growth. Recognizing this opportunity, the African Union set an ambitious target to restore 100 million hectares of degraded land by 2030.
Land restoration is an urgent response to the poor management of land. Forest and landscape restoration is the process of reversing the degradation of soils, agricultural areas, forests, and watersheds thereby regaining their ecological functionality. According to the World Resources Institute, for every $1 invested in land restoration it can yield $7-$30 in benefits, and now is the time to prove it.
The winner of the challenge will be awarded 9 months access to the Seedstars Investment Readiness Program, the hybrid program challenging traditional acceleration models by creating a unique mix to improve startup performance and get them ready to secure investment. They will also access a 10K USD grant.
“Our current economic system does not meet the growing need to improve our society ecologically and socially,” says Saskia Werther, Program Manager at the DOEN Foundation. “The problems arising from this can be tackled only if a different economic system is considered. DOEN sees opportunities to contribute to this necessary change. After all, the world is changing rapidly and the outlines of a new economy are becoming increasingly clear. This new economy is circular and regenerative. Landscape restoration is a vital part of this regenerative economy and social entrepreneurs play an important role to establish innovative business models to counter land degradation and deforestation. Through this challenge, DOEN wants to highlight the work of early-stage restoration enterprises and inspire other frontrunners to follow suit.”
Applications are open now and will be accepted until October 15th. Startups can apply here: http://seedsta.rs/doen
To enter the competition, startups should meet the following criteria:
- Existing startups/young companies with less than 4 years of existence
- Startups that can adapt their current solution to the land restoration space
- The startup must have a demonstrable product or service (Minimum Viable Product, MVP)
- The startup needs to be scalable or have the potential to reach scalability in low resource areas.
- The startup can show clear environmental impact (either by reducing a negative impact or creating a positive one)
- The startup can show a clear social impact
- Technology startups, tech-enabled startups and/or businesses that can show a clear innovation component (e.g. in their business model)
Also, a specific emphasis is laid, but not limited to: Finance the restoration of degraded land for production and/or conservation purposes; big data and technology to reverse land degradation; resource efficiency optimization technologies, ecosystems impacts reduction and lower carbon emissions; water-saving soil technologies; technologies focused on improving livelihoods and communities ; planning, management and education tools for land restoration; agriculture (with a focus on precision conservation) and agroforestry; clean Energy solutions that aid in the combat of land degradation; and responsible ecotourism that aids in the support of land restoration.