What to Look Out for With Locker Attacks and Denial of Service Cyberattacks on the Rise
Shira Rubinoff, Chief Strategy Officer of HeraSoft, is a cybersecurity executive, speaker, and influencer, who has built two cybersecurity product companies and led multiple women-in-technology efforts.
Ever since 1989, when the infamous AIDS Trojan was first identified, ransomware has demanded considerable attention and concern from the cybersecurity community. Two particular varieties of attack have emerged as particularly effective and alarming in recent years — Locker and Denial of Service ransomware.
Locker ransomware quite simply locks users out of their computers, rendering systems virtually useless save only the ability to communicate directly with the perpetrator. The MO of attackers using this technique is to avoid complicated encryption altogether and instead simply scare users into believing that law enforcement, such as the FBI in the case of the notorious Reveton, has detected illegal activity emanating from their system and shut it down. The attackers then warn users that the only way to regain access or unlock their system is to pay a fine, which is effectively the ransom. Sometimes it is even more straightforward, with attackers directly demanding a ransom payment to unlock the computer.
And, as the technology evolves and matures, so does the payment system. Whereas early ransomware attacks demanded payments in the hundreds of dollars from home computer users, today, high profile organizations, such as banks and hospitals, are being attacked, with monetary demands in the five and even six figures, payable of course in cryptocurrency, which is much harder to trace.
While the prevailing advice is never to pay the ransom, many companies choose to do so anyway, because the downtime spent fighting the attack behind the scenes costs time, business, and customer communications and trust, potentially resulting in far greater losses. For the perpetrators, it’s a win-win.
Among other emerging cyber threats is the DoS, or Denial of Service, family of attacks. Characterized by the intentional crashing and flooding of networks and systems, DoS attacks aim to disrupt trade, take revenge on an opponent, or advance nefarious activist goals.
A common and most serious version of this type of attack is the DDoS, or distributed denial of service attack, which uses infected computers in many locations simultaneously, in a coordinated effort, to block user access to a target system or network. By overloading the target with superfluous or bogus requests, legitimate users are denied access for hours, days, weeks, or even months.
The scale of DDoS attacks continues to rise at a troubling rate, as evidenced by the prevalence of telephony and IP address spoofing, UDP and SYN flooding, and DNS amplification, among other creative, often benign-sounding attacks such as Smurf, CC, Ping and Nuke. Attackers are also gaining confidence, and are routinely extorting financial institutions, oftentimes beginning with low-grade attacks accompanied by warnings that larger attacks will be launched if the ransom is not paid. Emboldened with every institution that gives in to their demands, attackers are becoming more sophisticated, and the ransoms are increasing exponentially. Even for those who pay the ransom, there is no guarantee that the blockage or damage will be reversed. Once in, cybercriminals may also take the opportunity to infect their target systems with other types of malware. Scary stuff.
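As an added example, not part of the article, of what "superfluous or bogus requests" look like from the defender's side, the following Python runs two simple detections over constructed packet records: a half-open SYN flood and DNS amplification landing on a target. The addresses, byte sizes and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed packet records (not captured traffic): 192.0.2.10 is the target,
# 198.51.100.7 sends half-open SYNs, and 198.51.100.53 is an open resolver being abused.
SAMPLE_FLOWS = (
    [{"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "flags": "S", "bytes": 60}] * 120
    + [{"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "flags": "S", "bytes": 60},
       {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp", "flags": "A", "bytes": 52}]
    # queries carry the spoofed source address of the target; the large answers land on the target
    + [{"src": "192.0.2.10", "dst": "198.51.100.53", "proto": "udp", "dport": 53, "bytes": 64}] * 40
    + [{"src": "198.51.100.53", "dst": "192.0.2.10", "proto": "udp", "sport": 53, "bytes": 3000}] * 40
)

def find_syn_floods(flows, min_syns=100, max_ack_ratio=0.1):
    """Sources that open many TCP connections but almost never complete the handshake."""
    syns, acks = defaultdict(int), defaultdict(int)
    for f in flows:
        if f["proto"] != "tcp":
            continue
        if "S" in f["flags"] and "A" not in f["flags"]:
            syns[f["src"]] += 1          # bare SYN: a half-open connection attempt
        elif "A" in f["flags"]:
            acks[f["src"]] += 1          # an ACK means the source did finish a handshake
    return sorted(src for src, n in syns.items()
                  if n >= min_syns and acks[src] / n <= max_ack_ratio)

def find_dns_amplification(flows, min_ratio=10.0):
    """(victim, resolver, answer bytes / query bytes) where DNS answers dwarf the queries."""
    queried, answered = defaultdict(int), defaultdict(int)
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f.get("dport") == 53:
            queried[(f["src"], f["dst"])] += f["bytes"]    # (apparent client, resolver)
        elif f.get("sport") == 53:
            answered[(f["dst"], f["src"])] += f["bytes"]   # (receiving host, resolver)
    return sorted((victim, resolver, round(out / queried[(victim, resolver)], 1))
                  for (victim, resolver), out in answered.items()
                  if queried[(victim, resolver)] and out / queried[(victim, resolver)] >= min_ratio)
```

Both detections only flag a symptom; confirming a spoofed source or an abused resolver still requires looking at the upstream traffic.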
So, what’s the takeaway from all of this and how can we protect ourselves? Well, first and foremost, we must remain vigilant and aware. New threats are being recorded every single day and it is up to the end-users to ensure that they have installed effective security applications, including but not limited to antivirus software, which to my mind is an absolute must, and ought to be updated regularly. Also, remember to apply all patches for software, operating systems, network devices, apps, mobile phones, etc. Complacency will lead to vulnerability.
It is also good practice to maintain a regular and effective offline and external backup and restore mechanism in the event of a ransomware attack. This will allow users to ignore the attackers and simply start over, which is the response preferred by law enforcement.
“It’s Schrödinger’s backup: the state of a backup isn’t known until you have to restore from it: you need to know if it’s going to save you if something happens,” explained Michael Gillespie, a ransomware attack researcher at Emsisoft, a New Zealand-based anti-virus software company.
“Sometimes people don’t want to pay for IT in general, they don’t want to pay for a storage safety net they might never use — but there are options and in the grand scheme of things it’s better for you,” he added. “If organizations secure their networks against ransomware attack and ensure there are backups available if the worst happens, they don’t have to pay the ransom — and if people aren’t paying ransoms, cybercriminals will stop seeing ransomware attack as lucrative.”
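The "Schrödinger's backup" point above is the one to act on: a backup is only known good once a restore has been tried. As an added example, not from the article or from Emsisoft, the following Python builds a small archive with a hash manifest, restores it into a scratch directory and checks every file, then simulates media rot to show the same check failing. File names and contents are constructed for the demo.

```python
import hashlib, tarfile, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def make_backup(source_dir, archive_path):
    """Archive source_dir as .tgz; return a manifest {relative path: sha256} to check restores against."""
    source = Path(source_dir)
    manifest = {str(p.relative_to(source)): sha256_file(p) for p in source.rglob("*") if p.is_file()}
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest

def verify_restore(archive_path, manifest):
    """Restore into a scratch dir and compare every file with the manifest; [] means the backup really restores."""
    findings = []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive_path, "r:gz") as tar:
                try:
                    tar.extractall(scratch, filter="data")  # refuses path-traversal entries (3.12+ and backports)
                except TypeError:
                    tar.extractall(scratch)  # interpreter predates the filter argument
        except Exception as exc:  # an unreadable archive is itself the finding
            return [f"unreadable archive: {exc}"]
        for rel, expected in manifest.items():
            restored = Path(scratch, rel)
            if not restored.is_file():
                findings.append(f"missing: {rel}")
            elif sha256_file(restored) != expected:
                findings.append(f"corrupted: {rel}")
    return findings

def demo():
    """Back up two constructed files, prove the restore works, then simulate media rot."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        src.mkdir()
        (src / "ledger.csv").write_text("id,amount\n1,10\n")  # constructed sample data
        (src / "notes.txt").write_text("constructed sample file\n")
        archive = Path(work, "backup.tgz")
        manifest = make_backup(src, archive)
        healthy = verify_restore(archive, manifest)
        archive.write_bytes(b"\x00" * archive.stat().st_size)  # zeroed media: right size, no data
        return healthy, verify_restore(archive, manifest)
```

Run the same check on a schedule against the offline copy, not the live one; a manifest kept with the archive is the only way to tell a corrupted restore from a clean one.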
Finally, beware of email attachments that seem fishy, pun intended, or that come from senders you do not recognize or trust. Phishing is a leading cyber threat and offers a convenient channel for the distribution of ransomware. Also, bear in mind that attackers have exploited the Covid-19 global pandemic to flood networks around the world with seemingly related communications. Exercise extra caution during times of public challenge and uncertainty.
With our increasing dependence on smart technology with the IoT, and the invitation of new technologies into our homes that depend upon the internet and WiFi, broader and more sophisticated cybersecurity strategies are critical. Criminals are hard at work figuring out creative ways to target our most essential centers of service, such as hospitals, government and financial institutions. While we cannot remain completely protected, being prepared, diligent and up to date in our awareness and knowledge of the cyber-threat landscape will be our best lines of defense as we move forward.