Connect with us

Hi, what are you looking for?

HEADLINES

The dark side of the dark web

IMAGE CREDIT: PIXABAY.COM

Gone are the days when ransomware was developed and distributed by skilled cybercriminals. Today, anyone can easily build and launch ransomware as there are only two key requirements – bad intent and access to the dark web, a marketplace where malware kits are advertised the way a traditional online retailer promotes regular items like clothes and shoes, according to Sophos.

Users on the dark web are anonymous and protected by a privacy feature baked directly into the Tor browser, which is the browser used to access it. This also means that law enforcement authorities are unable to identify where the websites are, who owns them, who uses them or who to arrest.

The easy access to the dark web is fueling ransomware-as-a-service (RaaS) distribution models, which essentially enable novice cybercriminals to download and use ransomware. As ransomware is cheap to purchase and spread, it also provides a quicker payout than stealing credit card data or personal information.

One of the most recent, successful example is Philadelphia, a ransomware variant that is easy to customize and deploy, and uses common marketing strategies to reach potential customers. Cybercrooks only have to pay once to get an executable that can generate unlimited ransomware samples.

There is even a production-quality intro video on YouTube, explaining the nuts and bolts of the kit and ways to customize the ransomware with a range of feature options. Hence, with ransomware variants like Philadelphia, criminals with limited technical skills, can easily execute high-quality attack campaigns.

Advertisement. Scroll to continue reading.

In fact, there are ransomware variants on the dark web delivered via cloud that offer a host of menu options to guide crooks on how much ransom to charge and the distribution spectrum of the attack.

For a ransomware campaign to succeed, attackers must overcome four main challenges:

  1. Setting up a command-and-control server to communicate with victims
  2. Creating ransomware samples
  3. Sending the samples to victims
  4. Managing the attacks by collating statistical information, checking payment etc

Chester Wisniewski, Principal Research Scientist, Sophos shares tips for enterprises to ensure attackers do not cross these challenges successfully:

  1. Understand underground trends and train employees on how the dark web works
  2. Increase the frequency of security monitoring and reporting in the organisation
  3. Patch early and patch often, even if you’re using an unsupported version of XP, Windows 8 or Windows Server 2003
  4. Be vigilant to recognize if employees or customers are being targeted

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

According to a report, downtime and lost productivity are the most concerning business problems caused by ineffective IT security, an opinion expressed by 38%...

HEADLINES

Companies plan to increase their IT security budgets by up to 9%. The median cybersecurity budgets for large enterprises were US $5.7M with US...

HEADLINES

Globe has been a consistent advocate for a safer and more responsible digital space

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

HEADLINES

The rising rate of ransomware attacks against healthcare institutions contrasts with the declining rate of ransomware attacks across sectors; the overall rate of ransomware...

Advertisement