Cisco has struck a big blow against the cybercriminal community by shutting down one of the most notorious ransomware groups currently in operation. Investigators from Cisco Systems' Talos security unit are being credited with the takedown, as they led the investigation into the currently nameless group.
The group of hackers used ransomware to demand money from their unsuspecting victims. Ransomware is a malicious piece of code that encrypts your files, effectively holding all of your information ransom until you pay some sort of fee. Despite almost never actually completely clearing their malware from your system, these hackers tend to make quite a bit of money off of scared users who just don't know any better.
Using this fear, the group was able to pull in an estimated $30 million a year from their exploits.
How were they found?
The story behind this group's inevitable shutdown starts with Talos researching something called the Angler Exploit Kit. This is a tool used to infiltrate a person's network and infect it with ransomware, and it is extremely effective.
By exploiting vulnerabilities in browsers and plug-ins for browsers, this piece of malware has an estimated 40 percent success rate at breaking into its victim's system.
In researching this particular malicious toolkit, Talos noticed that a lot of the users infected with ransomware were connecting to servers within the Limestone Networks data center. Working with Limestone, Talos uncovered a single operation on some of Limestone's servers that was targeting as many as 90,000 people every day.
Talos estimated that if a mere 3 percent of infected users paid a ransom of $300, the low end of the scale in terms of ransomware fees, this hacker group would have been generating around $30 million every year.
What to do if ransomware finds you?
The first thing you should do if you find yourself the victim of a ransomware scheme is not to panic. Many times these scammers will impersonate law enforcement agencies, saying that you've broken some sort of law and are now liable for a fine. It's important to know that law enforcement officials will never ask you to pay a fine over the Internet and that anyone who does simply wants your money.
Ransomware "fines" are generally kept between $300 and $500. While this may seem low, especially considering that ransomware can target important figures in big businesses, it's the perfect range for illegal activity according to Cisco's 2015 Midyear Security Report.
The price is just high enough to make a profit, and just low enough to make you think paying the fine will be quicker and cheaper than finding a lawyer or contacting the police. The fear of facing legal ramifications is more than enough for some people, and it can seem easier to just pay off whoever has locked your computer.
This is quite literally the worst thing you can do.
Cisco's security report says that the only way to truly protect yourself from ransomware attacks is to keep vitally important files "air gapped," or completely separated, from your network. This could mean writing things down on paper or even just keeping them on a flash drive. Basically, you want to be able to have so little information on your computer that ransomware attacks become nothing more than annoyances.
If you are the victim of a ransomware attack and have sensitive information on your computer that you are worried about, the only thing to do is to get the authorities involved.
Get certified and fight cybercrime!
It's quite clear from these events that Cisco knows a thing or two about cybersecurity. In fact, it's why they've created a Cisco security certification course available through New Horizons Computer Learning Centers of Southern California and Southern Arizona. New Horizons' list of Cisco security certification classes will help get you on the right track toward fighting cybercriminals.