Weissblick - Fotolia
WannaCry an example of pseudo-ransomware, says McAfee
The global WannaCry and NotPetya attacks were both examples of pseudo-ransomware, according to McAfee researchers
Despite claims to the contrary, WannaCry malware was well-written with evidence of good data governance, according to Raj Samani, chief scientist and fellow at McAfee.
Although WannaCry’s inability to automatically decrypt once the ransom had been paid initially appeared to be a mistake, it pointed to the malware’s true purpose, he told the 2017 Wired Security Conference in London.
“WannaCry collected only around $150,000, which is relatively little compared with the $325m collected by the CryptoWall ransomware, which led us to conclude that we were seeing the rise of pseudo-ransomware, which was quickly followed by another example in the form of NotPetya,” said Samani.
WannaCry may have been a proof of concept, but the true propose, he said, was to cause disruption, which is consistent with what researchers are learning when going undercover as ransomware victims to ransomware support forums.
“When one of our researchers asked why a particular ransom was so low, the ransomware support representative told her that those operating the ransoware had already been paid by someone to create and run the ransomware campaign to disrupt a competitor’s business,” said Samani.
“The game has changed. The reality is that any organisation can hire someone to disrupt a competitor’s business operations for less than the price of a cup of coffee.”
In the face of this reality, Samani said the security industry and society as a whole has to “draw a line in the sand”, which is the motivation behind the No More Ransom project set up by the Dutch National Police, Europol, McAfee and Kaspersky Lab in July 2017.
The initiative offers organisations advice and information about preventing ransomware attacks, but more importantly provides tools for decrypting data locked up by some common types of ransomware.
“No More Ransom offers an third option beyond ‘losing your data’ and ‘paying the ransom’, and since inception, the project has prevented £9m going into the coffers of cyber criminals running ransomware operations,” said Samani.
Read more about ransomware
- Businesses still get caught by ransomware, even though straightforward avoidance methods exist.
- Criminals used devices compromised for click fraud as the first step in a chain of infections leading to ransomware attacks, said security firm Damballa.
- The first half of 2014 saw an increase in online attacks that lock up user data and hold it to ransom.
- The Cryptolocker ransomware caught many enterprises off guard, but there is a defence strategy that works.
Ransomware –whether for direct profit or as a disruptive service for hire – is an increasingly popular business model for cyber attackers.
In the light of this fact, and the fact that some internet-connected equipment and device manufacturers, including carmakers, are often slow to respond to security vulnerability reports, it is important for the information security industry and society as a whole to make a stand, said Samani.
It is not difficult, he said, to imagine a future where every internet-connected device can be used to demand payment to maintain functionality of the device or associated services.
“But unless we do something about it, as an industry and a society, that will be our future,” said Samani. ... .... .... .... .... .... .... ... .... ....
