Chaos for Sale
Chaos for sale! It shouldn’t surprise anybody that everything is for sale on the internet, and that now includes ransomware and other virulent software. Some cybercriminals don’t want to take the time, or make the effort, to develop their own ransomware. Those that do, have now figured out that they can sell copies of their own software to the impatient ones – sometimes for a very lucrative profit.
The Malware Market
Whereas once upon a time, hackers only sought a bit of the spotlight – enough to feed their egos – they now find that their particular areas of cybercrime “expertise” can now earn them a living in more ways than one. Black markets for hacking tools and services are becoming more prevalent as attacks and attack mechanisms themselves gain more attention.
Cybercrime as A Service
The emergence of cybercrime-as-a-service, in which cybercriminals introduce and share new criminal “business models”, is increasing their spread and sophistication. Networking among criminal groups has been augmented by the emergence of new encrypted applications, and the evolution of the internet has fueled the exposure of these encrypted and anonymous technologies.
How much money is being thrown around by the cybercriminals? The value of this underground market today is guessed to be in the hundreds of millions. Some ransomware programs have reportedly been sold for as much as $900,000. Even higher prices might be paid for the complete ransomware “kits” that include the hardware (hard drives, smartphones, etc) along with the ransomware code.
Ironically, it’s been reported that these markets operate much like the above-board retail operations that we’re all familiar with, and can include testing and evaluation options prior to purchase.
Whose Fault Is It? It’s Not Just the Black Market’s
The black market is not the only thing fueling the increased number of cyberattacks. Perhaps the biggest reason lies with businesses that fail to implement the proper security measures, or do institute them but fail to keep them properly updated. This is not to say that these businesses are purposely inviting trouble, but they do leave themselves vulnerable when they do not make anti-ransomware measures a business priority.
Those vulnerabilities can come in variety of guises – some that you may not have considered. Many business networks still include old computers that run old operating systems. These old systems, such as Windows XP, are far easier to exploit than newer, more secure ones. Some web sites still include old unsecure http script, instead of the more secure https, which has been around for almost 20 years now and is the industry standard. Just like old operating systems, these old web page formats are also easily exploitable. Most often, they can be hijacked by cybercriminals who fit the page with camouflaged redirects, tempting users to unwittingly download ransomware, malware or some other kind of virus.
Do these things sound familiar to you? Keeping your business network, or even your own computer, safe from cyber viruses is no longer just an optional obligation. It’s mandatory. The number of cybercriminals is increasing because the methods for committing cybercrimes are becoming more accessible to them.
You keep the door to your house locked because you want to keep the people and the things inside it safe and secure. Why wouldn’t you do the same for your business network?