Ransomware: Economics for Defenders

The recent rash of ransomware incidents has been linked to the availability of crypto-currencies – as a way that victims can pay ransoms to anonymous attackers – so Trend Micro reviewed the economic models for ransomware and, among many other aspects, whether changes in the crypto-currency world might have knock-on effects. Their conclusions are mixed: successful intrusions can be monetised in other ways, but defences that focus on initial access and lateral movement should help against those too.

Crypto-currencies have been in the news themselves: some collapsing for internal reasons, others being proposed for regulation. Some crypto-currency and ransomware groups have been made subject to sanctions. However, Trend see these as long-term developments that may, at most, increase the costs to cyber-criminals who continue to use ransoms to monetise their access to organisations’ systems. In any case, extortion is not the only way that profits can be extracted: fake invoices and bank instructions are much more plausible if sent from the organisation’s own systems, and for public companies there are signs of intruders using “inside information” to distort share prices in profitable ways.

The good news for defenders is that these other monetisation techniques still depend on initial access plus lateral movement/privilege escalation to reach sensitive information and systems. So preventing, detecting and eliminating either of these earlier stages should continue to be effective even if the eventual monetisation technique changes.

By Andrew Cormack

I'm Chief Regulatory Advisor at Jisc, responsible for keeping an eye out for places where our ideas, services and products might raise regulatory issues. My aim is to fix either the product or service, or the regulation, before there's a painful bump!
