Ransomware, malware operations shut down, but not going away

It’s hard to imagine a more significant blight on the Internet than ransomware. Forget malicious destruction, forget spying on you — ransomware takes over a system, takes over your files, and demands money in order to (maybe) return them to you. So when news emerges where one of these operations is taken down, that’s a good thing.

Researchers from Cisco Systems announced they were behind the takedown of a massive ransomware operation run by a cyber criminal group. The take from this operation was an estimated $34 million per year.

The report further states a number of estimates, including:

• Up to 90,000 victims were targeted per day
• The full scope of all Angler Exploit activity could exceed $60 million annually
• This network was responsible for up to 50 percent of all Angler Exploit activity
• A $300 ransom was paid by about 3 percent of the victims
• The exploit servers had a life of one day

In the meantime, other types of malware continue to be incredibly hard to put down for good, despite efforts to take down these massive cybercriminal operations. The latest example was the resurrection of Dridex malware. Officials from the United States and United Kingdom said in early October that the botnet behind this flavor of malware had been taken down. A serious financial threat to the average consumer, this malware is known for the malicious behavior of monitoring financial login details and other personal information. Hackers find a way to access financial accounts and cause very big problems.

When the Dridex botnet takedown was announced, it was also disclosed that a 30-year-old Moldovan man named Andrey Ghinkul was sought for extradition in connection to $10 million malware scam. There have been no developments there, but no less than two weeks later, reports started to come in from Palo Alto Networks of increased Dridex activity detected throughout its networks. Propagating in email, the spectrum of potential victims, combined with the financial implications of this malware, is an issue with great impact.

The threat that malware and ransomware wield have produced considerable headaches for many institutions and individuals. The continued risk of loss of stolen intellectual property, credit card info, and personally identifiable information (PII) have many security professionals, law enforcement, and companies worried. These operations continue to generate hundreds of millions of dollars annually, with no end in sight. A secretive marketplace for unknown vulnerabilities, specialized services to modify code, and the trade of information has been the bane of efforts to curb these matters.

Steps to protect yourself against the threat follow the proven course of keeping computers, software, and anti-malware up to date.  Finally, if you suspect you’ve been compromised, contact a professional.