If you search the dark web--the scary online world hidden from search engines, you'll discover that everything is for sale, including ready-made ransomware. If you're a small business owner, here are some things about this underworld that you should know...
The image of the hacker as one person in a black hoodie attacking networks from their grimy apartment couldn't be further from the truth these days. Business owners must realize that most attacks are coordinated by teams of cyber criminals. These crooks are buying scripts and software from illegal businesses that build and deliver "made for you" ransomware in exchange for Bitcoins on the dark web. Ransomware refers to any malware or virus that prevents users from accessing systems or data until a ransom is paid. The sale of ransomware is now a multi-million dollar global SaaS "Software as a service" industry--generating over 25 million in revenue for hackers each year!
Ransomware is the most popular form of malware for crooks with minimal coding skills who are looking for a quick payday. According to Phishme, Ransomware attacks have increased over 97 percent in the past two years.
Why? Compared to other types of attacks, Ransomware is fairly easy to deploy and can be very profitable. Businesses looking to avoid lawsuits and bad publicity often agree to pay the ransom to get their data back. However, even after a ransom is paid, corrupted files are only fully recoverable about half of the time.
Take the Halloware Ransomware for example. This was a malware offered for sale on the Dark Web last year that only cost $40 for a lifetime license.
The ad was discovered by Bleeping Computer, who were even able to get a hold of the contents of the weaponized documents (Shown below).
In addition to helpful instructions and a working virus that encrypted files, Halloware even included a creepy clown pop up window with a message containing the instructions for how to pay the ransom and decrypt the data.
All a criminal had to do was change the payment site url and they were in the ransomware business--for the cost of one sit down dinner.
Halloware is an example of a fairly unsophisticated ransomware package, but more than that is not needed to attack small businesses that aren't paying for strong data protection.
Depending on how much hackers are willing to spend, there are far more improved and dangerous forms of ransomware for sale right now. Some of the ransomware being sold on these sites is similar to what was used to infect the governments of Baltimore and New Orleans as well as hundreds of hospitals and large municipalities.
The chat rooms of the dark web have become a great training ground for young hackers. They can review ransomware products, share phishing scripts that have worked in the past, and even offer customer service to buyers who need tech assistance releasing their malware or collecting their ransoms.
If small business owners don't have at least the same level of support to protect against these types of attacks, as the hackers who are targeting them do--they are easy targets.
Here are a few things a business should do immediately to safeguard their data against this growing threat:
Fill out this => contact form today <= and one of our small business security experts will be in touch!
