Slashdot Mirror


Cisco Finds $34 Million Ransomware Industry (networkworld.com)

Ransomware is "generating huge profits," says Cisco. Slashdot reader coondoggie shares this report from Network World: Enterprise-targeting cyber enemies are deploying vast amounts of potent ransomware to generate revenue and huge profits -- nearly $34 million annually, according to Cisco's Mid-Year Cybersecurity Report out this week. Ransomware, Cisco wrote, has become a particularly effective moneymaker, and enterprise users appear to be the preferred target.
Many of the victims were slow to patch their systems, according to the article. One study of Cisco devices running on fundamental infrastructure discovered that 23% had vulnerabilities dating back to 2011, and 16% even had vulnerabilities dating back to 2009. Popular attack vectors included vulnerabilities in JBoss and Adobe Flash, which was responsible for 80% of the successful attacks for one exploit kit. The article also reports that attackers are now hiding their activities better using HTTPS and TLS, with some even using a variant of Tor.

18 comments

  1. backups by phantomfive · · Score: 1

    If they aren't making backups, then they are lucky, because a hard drive failure often won't allow you to recover your data.

    --
    "First they came for the slanderers and i said nothing."
  2. How the ransom works by Anonymous Coward · · Score: 0

    1. Develop networking infrastructure full of security holes even though huge profits could be ploughed into auditing.

    2. Wait for vulnerabilities to be exploited.

    3. Report on vulnerability findings.

    4. Tell buyers that they will need to pay for a cripplingly expensive support contract to receive updates.

    5. Goto 1 until people wake the fuck up. (optimized: Goto 1.)

    1. Re:How the ransom works by OzPeter · · Score: 1

      1. Develop networking infrastructure full of security holes even though huge profits could be ploughed into auditing.

      2. Wait for vulnerabilities to be exploited.

      3. Report on vulnerability findings.

      4. Tell buyers that they will need to pay for a cripplingly expensive support contract to receive updates.

      5. Goto 1 until people wake the fuck up. (optimized: Goto 1.)

      You're overthinking this. You don't even need any outside actors to do the vulnerability development and exploitation:

      1. "Sell" product to customer
      2. Send in audit team
      3. Announce that the customer is not in compliance with their license
      4. Extract $$$ from customer to become compliant
      5. Goto 2.

      --
      I am Slashdot. Are you Slashdot as well?
    2. Re:How the ransom works by haruchai · · Score: 1

      "1. "Sell" product to customer
      2. Send in audit team
      3. Announce that the customer is not in compliance with their license
      4. Extract $$$ from customer to become compliant
      5. Goto 2."

      I think we used to refer to step 2 as the Business Software Alliance, who somehow had police SWAT at their beck & call

      --
      Pain is merely failure leaving the body
    3. Re:How the ransom works by Lumpy · · Score: 1

      Currently that is very close to the Polycom Scam...

      Buy Polycom Video Conference device.
      Wait 3 years and need an update to fix a security hole Polycom had in their software.
      Pay EXTORTION FEES of 4 years of Support contract to access that download. The current year and the previous 3 years.

      Pray they don't alter the deal any further, and kiss the ring of Polycom Don.

      Cisco and other big companies like them need to have their executives punched in the taint.

      --
      Do not look at laser with remaining good eye.
    4. Re: How the ransom works by Anonymous Coward · · Score: 1

      I once worked for a guy who had been the CEO of the BSA for a while, and his response to my questioning why we didn't pay for all of the MS seats we actually used was, "BSA can't do jack shit, it's just threats and negotiation. As long as we buy the minimum to get the volume license agreement, we're good." I shrugged, he smiled, and that was that.

    5. Re:How the ransom works by OzPeter · · Score: 1

      Both Microsoft and Oracle are well known for audits. I'm sure there are a lot of other big name companies that do the same.

      --
      I am Slashdot. Are you Slashdot as well?
    6. Re:How the ransom works by mysidia · · Score: 1

      Add Adobe, AutoDesk, Microsoft, Oracle, SAP, IBM, McAfee, Symantec, and VMware to that list.

      They're all on the 'software companies most likely to audit you' list.

      And for these organizations, Audits are an increasingly important source of revenue.

      So most of them are expanding audits, and switching products towards a cloud model; either way, to force customers to pay an additional periodic revenue stream..... especially MS.

  3. What ? by Anonymous Coward · · Score: 0

    Only $34 million, I would have thought between them, hackers and individuals are turning more than that over per month. Or is that just what is lost that Cisco are responsible for?

  4. Human, not tech issue by tirnacopu · · Score: 3, Insightful

    If the "enterprise users" are mainly targeted, and they decide to pay the ransom, bypassing the sec and legal support from the company/police, they are only aggravating the problem and should be fired on the spot.

  5. Cisco "finds" by Anonymous Coward · · Score: 0

    In other news, I found my backyard this morning.

  6. Not going away - the "new normal" by DigiShaman · · Score: 1

    Here is what's to become of modern computing in the enterprise world.

    -Staff orientation on situational awareness. There are high-tech con artists that will scare or otherwise coax them into running malware. PEBKAC is the primary initiator of this. Antimalware software is only there to catch you when you fall; it's not guaranteed to protect you all the time. Malware is a moving target to stop.

    -Pure SSD SAN/NAS storage. Once TBs of data gets whacked, you will need a quick way of restoring it; paying the ransom is NOT the option. Thankfully the hardware is dropping in price as the technology matures.

    -Air gapping of networks will become increasingly important.

    -Can't really go back to deadwood (filing cabinets and paper) as an ultimate physical reference source, but I suspect there will be a resurgence in Next Generation microfiche technologies. I'm not kidding.

    --
    Life is not for the lazy.
    1. Re:Not going away - the "new normal" by Anonymous Coward · · Score: 0

      Microfiche is the best!

  7. Microsoft facilitates $34mil ransomware Industry by tetraverse · · Score: 2

    Title corrected for accuracy :)

  8. $34 million? by JustAnotherOldGuy · · Score: 2

    I'd be surprised if it was only $34 million.

    Unless they counted every type of ransomware and every instance of payment, my guess is they're missing quite a bit of the actual revenue generated.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:$34 million? by gweihir · · Score: 1

      Crime does generally not pay well, and the same is true for computer-crime. As Cisco wants to display the problem as being as serious as possible (to scare people into buying their stuff), the number given is likely already significantly too high.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  9. Since when is that a "huge" profit? by gweihir · · Score: 1

    I think Cisco wants to increase their own profits (which are a bit larger, by a factor of 1000 or so) by scaring as many people as possible. Despicable.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  10. What? by Anonymous Coward · · Score: 0

    The attached report doesn't explain how Cisco came up with that "$34 million" number. It's probably been pulled out some exec's buttocks to create some FUD to sell cyber-security products.... amiright? ahha? anyone?