Today anyone can afford to launch a cyberattack as easy as they can place an order for a pizza delivery
-Alon Arvatz 1
Because protecting our customers is our top priority, we paid the cybercriminal’s demand
-Statement from a recent corporate ransomware victim2
The barrier to ransomware entry has become so low
Ransomware is now distributed on the dark web like any other Software as a Service (SAAS, e.g. Spotify, Netflix, Dropbox). And its pricing starts at about $20 for a basic-level ransomware attack.3 Type “RAAS” or “ransomware as a service” in a dark web search engine. You’ll get pages of results. Most people think of hackers as geniuses. That’s far from true any more.4
The costs to the victimized businesses are so high
Ransomware locks up a computer system, sometimes removing the data from the system, until the ransom demand is met. So first there’s remediation, if your system has been properly backed-up in a way that the system software can be replaced. There’s the downtime to get back up and running after an incident. And if you feel you need to pay the demand, you are relying on the word of thieves that they’ll play fair once your money is in their hands. And also you’re showing them that bad behavior pays … priming them to find their next, lucrative victim.
Ransomware is usually delivered in the ways other malware is delivered:
Through phishing, in which via email, phone or text, the victim is manipulated to trust and click a link or open a document that unleashes the malware.
Through clicked links on disguised, malicious websites or online ads.
Through unpatched browsers and other software (like Microsoft Remote Desktop Protocol) accessing the internet.
The important take-away is that ransomware isn’t magic. It can only run if it’s given the privileges to do its dirty work.
Even though there is a lot more coverage of breaches in the news, and talk of good security practices in the corporate environment, in terms of people’s behavior, has much really improved? 48% of the 4000 office personnel surveyed by Webroot admitted to having clicked a link in which their personal or financial data had been compromised by a phishing message. However, of that group 35% didn’t take the basic step of changing their passwords following a breach.5 If more than a third don’t change their passwords after a cybercrime, how many do you think are confessing their online mistakes to their managers?
Also, 59% reuse passwords for personal and work email addresses and/or don’t use secure passwords.6
Bryley Dark Web Monitor
That’s why it should be part of any manager’s security implementation to routinely monitor if employees’ credentials have been compromised. These credentials are stolen to be put up for sale on the dark web and other illegal markets.
Bryley Dark Web Monitor alerts managers about a compromise to users’ emails and passwords when they show up on dark web markets — often before these leaks are acted on and a breach occurs. The information gives administrators the ability to take action to prevent an attack.
Bryley Dark Web Monitor uses both human and artificial intelligence to scour criminal chat rooms, blogs, websites, social media, peer-to-peer networks, forums, private networks, and other blackmarket sites. A lot of this data comes from sites that require credibility or a membership within the hacker community to enter.
Bryley Dark Web Monitor looks specifically for our clients’ top level email domains. When a credential is identified, we harvest the data.
Bryley Dark Web Monitor then alerts you if a compromise has been found and advises the actions that will best keep your business secure.
When the Walls Come Down
The dark web has commodified credentials — to the point that credentials range in price from $1 to $15.7 So financial access to mischief is out there for anyone. To make matters worse the dark web offers to even those that don’t know how to write or implement malware subscription services that are complete with customer support to help them execute attacks.8
One strategy Bryley uses is to monitor the many criminal channels to learn if any of your organizations’ credentials have been compromised. Bryley will then alert you so you can make changes to secure whatever’s been found to be compromised before an attack can happen.