“RansomWhere? Everywhere!” is playing on the similarity in pronunciation between “ransomware” and “ransom where,” suggesting that the threat of ransomware is widespread and can be encountered everywhere. It’s a play on words to emphasize the ubiquity and potential danger of ransomware attacks across various computer systems and networks.
Recent months have shown a significant rise in the number of ransomware attacks on various verticals. This was highlighted by the Homeland Threat Assessment October 2024 Report (Homeland Threat Assessment 2024), Temple University Ransomware watch list (CIRA), Microsoft Digital Defense Report 2023 (MDDR), and others. Moreover, an indicator for that can also be found in the rise of Bitcoin’s exchange rate which is used for ransomware payoffs.
First Death Caused by Ransomware
A recent and unfortunate incident was when a woman died in Duesseldorf University Hospital during a ransomware attack. She might have been the first victim linked to a ransomware attack on a hospital, and hopefully the last one…
Additionally, a Philadelphia company selling software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for the coronavirus, was hit by a ransomware attack. This caused some of those trials to slow down two weeks after the attack.
Many of these attacks could have been easily carried out by an infected device…
RansomWhere? Everywhere!
RansomWhere? Everywhere! Why? There are the obvious reasons related to financial downtime and uncertainty, which always leads to an increase in criminal activity.
“Legacy crime” activities are harder to complete – ever tried pickpocketing while social distancing? So, if you are a criminal sitting at home, you can binge-watch the Netflix series, “House of Paper”… Or you can make the effort to understand what’s this ransomwhere “stuff” that everyone is talking about. And hey, you have Rita’s cousin who is a computer geek, so why not use him?
All the information is out there, you can run an easy ransomware attack by just asking someone to put a manipulated mouse (MouseJack Attack) or keyboard (Hacked Device) on someone’s desk… No Navy Seals training is required for that, Rita’s cousin will suffice.
Hardware-Based RansomWhere Attacks on the Rise
Without hardware security, the physical layer remains uncovered. This allows Rogue Devices to go undetected due to the fact that they operate on this layer-resulting in hardware-based attacks…
Spoofed peripherals are manipulated on the physical layer and impersonate legitimate HIDs, being detected as such by endpoint security software.
Network Implants go entirely undetected by network security solutions, including NAC, as they sit on the physical layer, which such solutions do not cover. So, without hardware security, enterprises are completely exposed to hardware attacks, no matter how many alternative security measures are in place.
Cybercriminals are Taking Advantage of WFH Vulnerabilities
The professional cybercrime and state sponsored groups find these times a fertile ground for their operations by using all work from home cyber security vulnerabilities. Since these work from home policies present an even greater risk of hardware attacks, organizations need to be more aware of physical layer security.
Attackers will always be smart! They are pragmatic and fast to adapt to cybersecurity challenges. Furthermore, if in the past, companies with a good backup plan could bounce back without even paying off, this is no longer the case. Now the new “currency” is data leakage, and bouncing back from a major data breach comes with a completely different price tag.
Do you want an example of how easy it is? John is fed up with his boss and is thinking about leaving the company. In theory, he could take a certain database snapshot of customers or IP and send it anonymously to his company as “Proof of Authenticity”, threatening to release a massive amount of data…. How could you tell if it is an internal threat or APTx? Does it really matter?
