Back when I was in college, I remember one day our class asked our programming professor, “how do we create a virus?” Understandably, our professor refused to answer the question. However, after some persuading, he eventually agreed to give us one example. It looked like this:
Suddenly, the class was enlightened. More than that, I was personally astounded. How could a single line of code do so much damage?
Fast forward to today, and I am still astounded, perhaps for a slightly different reason. I came to realize that the virus example presented to us is not only capable of doing considerable damage but is also very easy to create.
In fact, it resembles the ransomware situation that we face today. A potent malware idea that was fairly simple to implement occurred to someone. However, this time, the receiver of the information is not a single programming class, but the entire Internet. The result? A plague of ransomware attacks.
So what’s my point? I guess my point is to provide a wake-up call. The hard truth is that ransomware isn’t going to go away: the raw code is readily available, ransomware is relatively simple to create and execute, and many organizations are willing to pay to have it removed. I have seen countless IT admins posting on forums regarding ransomware hitting their organization. While the healthcare industry is no stranger to ransomware attacks, it’s anyone’s guess how many unreported ransomware cases are hitting end users and organizations on a daily basis.
Care for a reality check? FortiGuard IPS telemetry shows that the latest major ransomware family, Locky, has registered a total of over 24 million hits since it first appeared in the wild in mid-February. If we translate this data into a heat map, we see a global phenomenon of Locky ransomware attacks:
Figure 1. Heatmap of Locky infections
While we in the security sector are doing our best to mitigate ransomware attacks, it is high time for organizations, IT admins, and even average end users to re-assess and harden their security posture. It is worth emphasizing that online behavior and security awareness are an essential part of any security posture, but this post is not about giving you guidelines – there are tons of information on the Internet about that.
My intent for writing here is to urge you to act, because ransomware is a growing threat that can be mitigated with a focused effort to do so.
Buckle up, we have a rough ride ahead. But together we can make it.
The FortiGuard Lion Team
We will talk more about Locky ransomware in our upcoming Virus Bulletin Conference 2016 presentation, "Locky Strike: Smoking the Locky Ransomware Code". We look forward to seeing you there.