{"id":8472,"date":"2019-05-23T16:52:20","date_gmt":"2019-05-23T16:52:20","guid":{"rendered":"http:\/\/www.firstlinepractitioners.com\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/"},"modified":"2019-10-03T12:46:37","modified_gmt":"2019-10-03T12:46:37","slug":"hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable","status":"publish","type":"post","link":"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/","title":{"rendered":"Hackers are making personalised ransomware to target the most profitable and vulnerable"},"content":{"rendered":"<p><a href=\"https:\/\/theconversation.com\/profiles\/lena-connolly-695744\">Lena Connolly<\/a>, <em><a href=\"http:\/\/theconversation.com\/institutions\/university-of-leeds-1122\">University of Leeds<\/a><\/em> and <a href=\"https:\/\/theconversation.com\/profiles\/david-wall-98233\">David Wall<\/a>, <em><a href=\"http:\/\/theconversation.com\/institutions\/university-of-leeds-1122\">University of Leeds<\/a><\/em><\/p>\n<p>Once a piece of ransomware has got hold of your valuable information, there is very little you can do to get it back other than accede to the attacker\u2019s demands. Ransomware, a type of malware that holds a computer to ransom, has become <a href=\"https:\/\/theconversation.com\/nhs-ransomware-cyber-attack-was-preventable-77674\">particularly prevalent<\/a> in the past few years and <a href=\"https:\/\/searchsecurity.techtarget.com\/definition\/encryption\">virtually unbreakable encryption<\/a> has made it an even more powerful force.<\/p>\n<p>Ransomware is typically delivered by <a href=\"https:\/\/uk.norton.com\/internetsecurity-malware-what-is-a-botnet.html\">powerful botnets<\/a> used to send out millions of malicious emails to randomly targeted victims. These aim to extort <a href=\"https:\/\/theconversation.com\/how-wannacry-caused-global-panic-but-failed-to-turn-much-of-a-profit-77740\">relatively small<\/a> amounts of money (normally \u00a3300-\u00a3500, but more in recent times) from as many victims as possible. But according to police officers we have interviewed from UK cybercrime units, ransomware attacks are becoming increasingly targeted at high-value victims. These are usually businesses that can afford to pay very large sums of money, up to <a href=\"http:\/\/www.bbc.co.uk\/news\/technology-40340820\">\u00a31,000,000<\/a> to get their data back.<\/p>\n<p>In 2017 and 2018 there was a rise in such targeted ransomware attacks on UK <a href=\"https:\/\/www.techrepublic.com\/article\/why-ransomware-attacks-are-growing-more-targeted\/\">businesses<\/a>. Attackers increasingly use software to search for vulnerable computers and servers and then use various techniques to penetrate them. Most commonly, perpetrators use <a href=\"https:\/\/www.cloudways.com\/blog\/what-is-brute-force-attack\">brute force attacks<\/a> (using software to repeatedly try different passwords to find the right one), often on systems that let you operate <a href=\"https:\/\/www.pcworld.com\/article\/3126256\/ransomware-spreads-through-weak-remote-desktop-credentials.html\">computers remotely<\/a>.<\/p>\n<p>If the attackers gain access, they will try to infect other machines on the network and gather essential information about the company\u2019s business operations, IT infrastructure and further potential <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cryptomix-clop-ransomware-says-its-targeting-networks-not-computers\/\">vulnerabilities<\/a>. These vulnerabilities can include when networks are not effectively segregated into different parts, or are not designed in a way that makes them easy to monitor (network visibility), or have <a href=\"https:\/\/www.computerworld.com\/article\/2503105\/weak-passwords-still-the-downfall-of-enterprise-security.html\">weak administration passwords<\/a>.<\/p>\n<p>They then upload the ransomware, which encrypts valuable data and sends a ransom note. Using information such as the firm\u2019s size, turnover and profits, the attackers will then estimate the amount the company can afford and tailor their ransom demand accordingly. Payment is typically requested in <a href=\"https:\/\/theconversation.com\/how-are-bitcoin-cryptowallets-and-blockchain-related-some-jargon-busted-88906\">cryptocurrency<\/a> and usually between 35 and 100 bitcoins (value at time of publication <a href=\"http:\/\/preev.com\/\">\u00a3100,000\u2013\u00a3288,000<\/a>).<\/p>\n<p>According to the police officers we spoke to, another popular attack method is \u201c<a href=\"https:\/\/www.kaspersky.co.uk\/resource-center\/definitions\/spear-phishing\">spear phishing<\/a>\u201d or \u201c<a href=\"https:\/\/www.zdnet.com\/article\/ransomware-warning-the-gang-behind-this-virulent-malware-just-changed-tactics-again\/\">big game hunting<\/a>\u201d. This involves researching specific people who handle finances in a company and sending them an email that pretends to be from another employee. The email will fabricate a story that encourages the recipient to open an attachment, normally a Word or Excel document containing <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/intelligence\/macro-malware\">malicious code<\/a>.<\/p>\n<p>These kind of targeted attacks are typically carried out by professional groups solely motivated <a href=\"https:\/\/krebsonsecurity.com\/2017\/03\/ransomware-for-dummies-anyone-can-do-it\/\">by profit<\/a>, though some attacks seek to disrupt businesses or infrastructure. These criminal groups are highly organised and their activities constantly evolve. They are methodical, meticulous and creative in extorting money.<\/p>\n<p>For example, traditional ransomware attacks ask for a fixed amount as part of an initial intimidating message, sometimes accompanied by a countdown clock. But in more targeted attacks, perpetrators typically drop a \u201cproof of life\u201d file onto the victim\u2019s computer to demonstrate that they control the data. They will also send contact and payment details for release of the data, but also open up a tough negotiation process, which is <a href=\"https:\/\/blog.watchpointdata.com\/cryptojoker-ransomware-you-can-negotiate-with\">sometimes automated<\/a>, to extract as much money as possible.<\/p>\n<p>According to the police, the criminals usually prefer to target fully-digitised businesses that rely highly on IT and data. They tend to favour <a href=\"https:\/\/insidesmallbusiness.com.au\/planning-management\/ransomware-attacks-stopping-smes-in-their-tracks\">small and medium-sized companies<\/a> and avoid large corporations that have more advanced security. Big firms are also more likely to attract media attention, which could lead to increased police interest and significant disruptions to the criminal operations.<\/p>\n<h2>How to protect yourself<\/h2>\n<p>So what can be done to fight back against these attacks? Our work is part of the multi-university research project <a href=\"https:\/\/www.emphasis.ac.uk\/\">EMPHASIS<\/a>, which studies the economic, social and psychological impact of ransomware. (As yet unpublished) data collected by EMPHASIS indicates that weak cybersecurity in the affected organisations is the main reason why cybercriminals have been so successful in extorting money from them.<\/p>\n<p>One way to improve this situation would be to better protect remote computer access. This could be done by disabling the system when it\u2019s not in use, and using stronger passwords and two-step authentication (when a second, specially generated code is needed to login alongside a password). Or alternatively switching to a <a href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/security\/vpn-endpoint-security-clients\/what-is-vpn.html\">virtual private network<\/a>, which connects machines via the internet as if they were in a private network.<\/p>\n<p>When we interviewed cybercrime researcher Bob McArdle from IT security firm Trend Micro, he advised that email filters and anti-virus software containing dedicated ransomware protection are vital. Companies should also regularly backup their data so it doesn\u2019t matter if someone seizes the original. Backups must be tested and stored in locations that are inaccessible to ransomware.<\/p>\n<p>These kind of controls are crucial because ransomware attacks tend to leave very little evidence and so are inherently difficult to investigate. As such, targeted ransomware attacks are not going to stop any time soon, and attackers are only likely to get more sophisticated in their methods. Attackers are highly adaptive so companies will have to respond just as smartly.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img decoding=\"async\" loading=\"lazy\" style=\"border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;\" src=\"https:\/\/counter.theconversation.com\/content\/113583\/count.gif?distributor=republish-lightbox-basic\" alt=\"The Conversation\" width=\"1\" height=\"1\" \/><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: http:\/\/theconversation.com\/republishing-guidelines --><\/p>\n<p><a href=\"https:\/\/theconversation.com\/profiles\/lena-connolly-695744\">Lena Connolly<\/a>, Research Fellow in Cyber Security., <em><a href=\"http:\/\/theconversation.com\/institutions\/university-of-leeds-1122\">University of Leeds<\/a><\/em> and <a href=\"https:\/\/theconversation.com\/profiles\/david-wall-98233\">David Wall<\/a>, Professor of Criminology, <em><a href=\"http:\/\/theconversation.com\/institutions\/university-of-leeds-1122\">University of Leeds<\/a><\/em><\/p>\n<p>This article is republished from <a href=\"http:\/\/theconversation.com\">The Conversation<\/a> under a Creative Commons license. Read the <a href=\"https:\/\/theconversation.com\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable-113583\">original article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Once a piece of ransomware has got hold of your valuable information, there is very little you can do to get it back other than accede to the attacker\u2019s demands. Ransomware, a type of malware that holds a computer to ransom, has become particularly prevalent in the past few years and virtually unbreakable encryption has made it an even more powerful force.<\/p>\n","protected":false},"author":9,"featured_media":7262,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[147,197],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Hackers are making personalised ransomware to target the most profitable and vulnerable - FIRST-LINE PRACTITIONERS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers are making personalised ransomware to target the most profitable and vulnerable - FIRST-LINE PRACTITIONERS\" \/>\n<meta property=\"og:description\" content=\"Once a piece of ransomware has got hold of your valuable information, there is very little you can do to get it back other than accede to the attacker\u2019s demands. Ransomware, a type of malware that holds a computer to ransom, has become particularly prevalent in the past few years and virtually unbreakable encryption has made it an even more powerful force.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/\" \/>\n<meta property=\"og:site_name\" content=\"FIRST-LINE PRACTITIONERS\" \/>\n<meta property=\"article:published_time\" content=\"2019-05-23T16:52:20+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-10-03T12:46:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.firstlinepractitioners.com\/wp-content\/uploads\/2018\/04\/slider-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Florian\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Napsal(a)\" \/>\n\t<meta name=\"twitter:data1\" content=\"Florian\" \/>\n\t<meta name=\"twitter:label2\" content=\"Odhadovan\u00e1 doba \u010dten\u00ed\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minuty\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/\",\"url\":\"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/\",\"name\":\"Hackers are making personalised ransomware to target the most profitable and vulnerable - FIRST-LINE PRACTITIONERS\",\"isPartOf\":{\"@id\":\"https:\/\/www.firstlinepractitioners.com\/el\/#website\"},\"datePublished\":\"2019-05-23T16:52:20+00:00\",\"dateModified\":\"2019-10-03T12:46:37+00:00\",\"author\":{\"@id\":\"https:\/\/www.firstlinepractitioners.com\/el\/#\/schema\/person\/b34843a12defd8503efa62cbb39edbd3\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.firstlinepractitioners.com\/cs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hackers are making personalised ransomware to target the most profitable and vulnerable\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.firstlinepractitioners.com\/el\/#website\",\"url\":\"https:\/\/www.firstlinepractitioners.com\/el\/\",\"name\":\"FIRST-LINE PRACTITIONERS\",\"description\":\"Curricula - Knowledge - Navigation\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.firstlinepractitioners.com\/el\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"cs\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.firstlinepractitioners.com\/el\/#\/schema\/person\/b34843a12defd8503efa62cbb39edbd3\",\"name\":\"Florian\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"cs\",\"@id\":\"https:\/\/www.firstlinepractitioners.com\/el\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5193b32cfd0b1df3bedd57dc497af30e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5193b32cfd0b1df3bedd57dc497af30e?s=96&d=mm&r=g\",\"caption\":\"Florian\"},\"url\":\"https:\/\/www.firstlinepractitioners.com\/cs\/author\/florian\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hackers are making personalised ransomware to target the most profitable and vulnerable - FIRST-LINE PRACTITIONERS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/","og_locale":"cs_CZ","og_type":"article","og_title":"Hackers are making personalised ransomware to target the most profitable and vulnerable - FIRST-LINE PRACTITIONERS","og_description":"Once a piece of ransomware has got hold of your valuable information, there is very little you can do to get it back other than accede to the attacker\u2019s demands. Ransomware, a type of malware that holds a computer to ransom, has become particularly prevalent in the past few years and virtually unbreakable encryption has made it an even more powerful force.","og_url":"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/","og_site_name":"FIRST-LINE PRACTITIONERS","article_published_time":"2019-05-23T16:52:20+00:00","article_modified_time":"2019-10-03T12:46:37+00:00","og_image":[{"width":1920,"height":720,"url":"https:\/\/www.firstlinepractitioners.com\/wp-content\/uploads\/2018\/04\/slider-2.jpg","type":"image\/jpeg"}],"author":"Florian","twitter_card":"summary_large_image","twitter_misc":{"Napsal(a)":"Florian","Odhadovan\u00e1 doba \u010dten\u00ed":"4 minuty"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/","url":"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/","name":"Hackers are making personalised ransomware to target the most profitable and vulnerable - FIRST-LINE PRACTITIONERS","isPartOf":{"@id":"https:\/\/www.firstlinepractitioners.com\/el\/#website"},"datePublished":"2019-05-23T16:52:20+00:00","dateModified":"2019-10-03T12:46:37+00:00","author":{"@id":"https:\/\/www.firstlinepractitioners.com\/el\/#\/schema\/person\/b34843a12defd8503efa62cbb39edbd3"},"breadcrumb":{"@id":"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.firstlinepractitioners.com\/cs\/hackers-are-making-personalised-ransomware-to-target-the-most-profitable-and-vulnerable\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.firstlinepractitioners.com\/cs\/"},{"@type":"ListItem","position":2,"name":"Hackers are making personalised ransomware to target the most profitable and vulnerable"}]},{"@type":"WebSite","@id":"https:\/\/www.firstlinepractitioners.com\/el\/#website","url":"https:\/\/www.firstlinepractitioners.com\/el\/","name":"FIRST-LINE PRACTITIONERS","description":"Curricula - Knowledge - Navigation","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.firstlinepractitioners.com\/el\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"cs"},{"@type":"Person","@id":"https:\/\/www.firstlinepractitioners.com\/el\/#\/schema\/person\/b34843a12defd8503efa62cbb39edbd3","name":"Florian","image":{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/www.firstlinepractitioners.com\/el\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5193b32cfd0b1df3bedd57dc497af30e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5193b32cfd0b1df3bedd57dc497af30e?s=96&d=mm&r=g","caption":"Florian"},"url":"https:\/\/www.firstlinepractitioners.com\/cs\/author\/florian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/posts\/8472"}],"collection":[{"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/comments?post=8472"}],"version-history":[{"count":1,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/posts\/8472\/revisions"}],"predecessor-version":[{"id":8482,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/posts\/8472\/revisions\/8482"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/media\/7262"}],"wp:attachment":[{"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/media?parent=8472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/categories?post=8472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/tags?post=8472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}