The idea of a shady cabal or a nefarious cyber army of one holding an entire city’s data hostage while they negotiate for ransom sounds like a plot lifted straight from a 1990s B movie. But yesterday’s fantasy is today’s reality. Just ask the residents of Atlanta who were, at least in the cyber sense, thrust into the Dark Ages for a brief time in late March when the notorious SamSam ransomware was unleashed upon the city.
So, what does the future of ransomware look like? Smarter MSP caught up with some of the top members of the cybersecurity community in Atlanta to find out how the recent attack shaped their outlooks for MSPs. (As an interesting aside, none of the people we spoke to in Atlanta reported being impacted at all by SamSam. The attack was limited to government organizations, so unless you were paying your water bill or had a court case, it appears that life went on.)
Two paths forward
Andrew Bagrin, CEO of OmniNet Inc., a cybersecurity firm in Greater Atlanta, says the ransomware threat will evolve and feast upon the Internet of Things (IoT) and driverless cars as these become more entrenched.
“There could be some small fee to start your car or have your brakes work again. Of course, there are very large repercussions on auto manufacturers, and it won’t be a lasting money-maker for hackers, and isn’t as easy to accomplish,” Bagrin says.
Bagrin says ransomware will evolve into two primary areas of threat that MSPs should be monitoring and engaging. One is a for-profit avenue such as the ones we have seen, and those will find ripe targets in the emerging IoT. The second category will be state-sponsored or independent sophisticated attacks that emphasize other demands as much as money.
“These attacks could be very stealth information-gathering ones for future access or terrorist organizations trying to impact extreme events causing mass scale disasters,” Bagrin says.
Bagrin says most MSPs are so focused on the for-profit ransomware that they ignore steps to prepare their clients for a state-sponsored cyberwar type of attack. Bagrin thinks MSPs need to talk to their clients more about the “relevant vertical.”
“Hospital breached, restaurant chain breached, etc., and constantly remind them that [you] are taking care of them,” Bagrin says. That way, “When the time comes, it will be a much easier conversation: ‘We need to upgrade your cyber protection.’”
Ransomware as a cyber weapon
Sec360 LLC is another Atlanta IT security firm specializing in Microsoft security. Owner Joseph Patterson advises that: “Any entity using computing resources not familiar with Department of Defense security technical implementation guides (DoD STIGs) and cybersecurity training should immediately move forward with implementation of concepts and training.”
He shares Bagrin’s concerns that MSPs need to focus as much on organized cyberwar-type ransom (demands, negotiations, contracts, etc.) as they do on traditional for-profit ransomware.
“Now that ransomware has been weaponized, it is only a matter of time before organized crime targets governments, businesses, and individuals, not only for profit, but to affect the outcome of legal proceedings. Utilities may also be held hostage,” Patterson warns.
Imagine a legal proceeding grinding to a halt as persons unknown attempt to renegotiate terms.
But it’s not just the big guys who will be vulnerable to the ever-evolving threat of ransomware. Your MSP may service seemingly “soft targets” like the local bank, cosmetic surgery office, or bookstore. Don’t assume they aren’t vulnerable.
“Never assume that you nor your computing platforms of choice are too unimportant to be attacked,” Patterson says. “The bad actors have plans. Each plan will be implemented when higher priority targets are resolved. Your resources may not be held hostage, but they may be used to monitor and/or attack your colleagues, friends, family, employer, employees, churches, civic groups, clubs, and even your rivals.”
The weakest link
Kevin Beaver is a cybersecurity expert and owner of Principle Logic, a cybersecurity consulting firm based in Atlanta. Beaver is also the author of Hacking for Dummies. He says that because the IoT and technology in general are constantly evolving so too will ransomware.
“I think the threat vector might evolve into other areas. The reality is, if a system is reachable via a network, then it’s fair game for attack. Looking at it this way, such exploits can live indefinitely — even to things that haven’t yet been invented,” Beaver says.
Beaver explains that the problem with ransomware, or any threat, lies just as much in human failures as it does in technology.
“Here’s the thing with ransomware — or any modern threat for that matter: It’s not doing anything terribly advanced in order to run its course. There are weaknesses, and they’re being exploited,” Beaver says.
Beaver says that in the case of the city of Atlanta and related incidents, it’s many security weaknesses involving people, processes, and technology — or, really, a lack thereof — that converge. He says most organizations don’t need a bunch of new paperwork or a bunch of new hardware or software to blunt the threat; a lot of it comes down to good old-fashioned human behavior.
“What’s needed is discipline. Discipline to test for the vulnerabilities, acknowledge that they are creating business risks, and then doing whatever it takes to do something about it all. It’s a simple formula that very few organizations seem to have figured out. Everyone from management to systems administrators and even end users are complicit in most of the security challenges we face today,” Beaver says.
As ransomware tools evolve and the IoT reaches the more mundane corners of the home and office, the prospect of you reaching for a soda only to find the refrigerator locked due to a ransomware attack becomes something more and more likely. But, so too do the serious ramifications of a large scale cyberwar that ropes in some of your clients. Is your MSP prepared?