
The Evolution of the Ransomware Business Model

Thursday, March 31, 2016

Author: Cam Wayland
Ransomware attacks are one thing that I have started to see and hear more and more of lately. This type of malicious software, designed to block access to a computer system until a sum of money (ransom) is paid, is wreaking havoc for partners and their customers.

Recently I was trying to get hold of a colleague at an SMB-focused reseller. He was, however, flat out restoring or rebuilding desktops and servers, and generally fixing a number of Ransomware incidents at several of his client sites. This piqued my interest and led me to ask a range of questions. How did these clients get infected? Did they pay the ransom and, if so, how much? Did it work? Is Ransomware on the increase, and can you prevent an attack, or at worst limit the damage?


Is Ransomware On The Increase?

Firstly, yes, it seems there are more Ransomware attacks taking place. The primary reason for this increase appears to be that it is now easier and cheaper than ever for potential criminals to get access to malware. It is now packaged as a complete toolkit including exploit malware, encryption and key management software.

 

Also, Ransomware kits are now extremely inexpensive. They are being sold for anywhere from US$3,000 for source code (including support and customisation options) down to $40 for “try before you buy” single-use demo versions. There is now even Ransomware as a Service that operates on a flat fee/commission per victim or profit share model! This means that not only is Ransomware now cheaper and more accessible; it is also available in a range of versions so potential criminals can make a selection based upon their budget and their intentions.

This leads us to the question... if you are unfortunate enough to become compromised by Ransomware, do you pay, and if so, does it work? The current ransom amount appears to be around US$500 (payable only via Bitcoin). Further to this, anecdotal evidence from some local resellers suggests that paying the ransom has worked for their clients in cases where they absolutely had to get their data access back. There is, however, still the risk that it may not work, despite paying the ransom, for a variety of technical reasons.

 


Pricing

The pricing model of the ransom is something that has changed over the past few years and I believe will continue to do so. When this type of attack first began, the ransom was much higher, i.e. $4,000. As the bad guys' business model has matured, however, it is now a higher volume and lower cost play. The model is now based around infecting more machines but making the ransom lower. This lower ransom is now an amount that people are more willing to risk compared to alternatives. Recently the pricing model has evolved again. The latest round of ransom demands has an initial price set at $500 (for example), but once you first go to your unique decrypt instruction page a clock starts ticking, and for every 24 hours after that the ransom doubles! I.e. in 48 hours it will be $1,000, so act promptly!

An interesting by-product of the pricing model evolution is that as the Ransomware model has matured, it is now in the criminals’ best interest that the decryption “works as advertised”! I.e. follow the instructions, pay only $500 and you will get your files back tomorrow. If it did not work, victims would stop paying the ransom and the business model would be completely flawed. As bizarre as it sounds, this model actually calls for you to trust the criminals and their customer service.



Ransomware Target Market and Prevention

So who is getting infected and locked, and what can be done about it? It appears that Ransomware attacks are more prevalent in SMBs, as they generally have less sophisticated security mechanisms and policies in place than larger organisations. This is compounded by the fact that SMBs have limited IT resources and that among these resources there is not likely to be a Security Specialist.

Despite this statistic, it is worth mentioning that phishing attacks targeting anyone and everyone are becoming more and more sophisticated through very realistic looking 'bait' emails. The Australia Post phishing attack is one such example, as is the more recent Telstra billing notification attack that even included a personal name and a realistic payment date.

In terms of preventing infection, client education is the most critical component. If something looks suspicious, DO NOT OPEN the attachment or click on the link. It is imperative that not only management but, more importantly, staff are taught about the risks of Ransomware attacks. In particular, users need to be educated on how to recognise the tell-tale signs in phishing scams that lull people into believing an email is legitimate. If in doubt, it is important they don't open an email.

Secondly, having a comprehensive backup and recovery system is essential. If things do go pear-shaped, then at least a rebuild and restore process is an option for restoring critical data and getting your business up and running again.

Finally, it is critical to educate clients that endpoint AV programs by themselves are next to useless. Clients need to know that they should be investing in a more comprehensive security architecture with supporting IT policies and resources (potentially as a service) to help minimise their risk.



Conclusion

The Ransomware business model is now very sophisticated and continues to morph through social engineering techniques, and unfortunately these Ransomware attacks are unlikely to diminish in 2016. This means it is critical to educate your customers and staff about the very real risks that Ransomware presents to your business and your clients' businesses. In addition to education, it is imperative that you and your clients have a reliable backup and restore solution and process in place in case an attack occurs.

Thanks to Cisco, WatchGuard, Intel Security and a number of resellers for their assistance in researching this article.

