Has ransomware’s genuine impact on business been observed yet, or is this merely a proof of concept? It is not surprising that WannaCrypt and Petya malware have been in the news recently. The ransomware’s capacity for both spreading and mutating is what causes the outbreaks. There might already be undiscovered mutated forms of the ransomware hiding latent and prepared to execute while IT security experts identify, track down, and eradicate specific ransomware strains. As organizations only seek “known” risks after enough other organizations come across them, we anticipate that stories like these will continue to surface. There were 4.3 times as many new ransomware variants in Q1 2017 as there were in Q1 2016, as can be seen in the graph below from Proofpoint’s Q1 2017 Quarterly Threat Report.
Polymorphic and mutating malware… yep, you read that right
Just such a feature is present in EventTracker Security Center 8.3 to tackle contemporary ransomware as well as polymorphic and morphing malware. EventTracker has included a new feature called Dormant Malware Hunter. Modern malware, including ransomware, copies itself to numerous folders with different names and hashes so that if the original is found and removed, the copies are still around and ready to attack later. Dormant Malware Hunter excludes files discovered on a known safe files list but finds hidden EXE and DLL files that have never been executed. As a result, copies of the malware can be eliminated from the network, stopping its spread or re-infection.
IT security teams can completely purge their network of ransomware variants, including those that are not yet known to global threat intelligence feeds, thanks to their capacity to track down these dormant and undiscovered threats.
“Ransom-a-Retailer” may be cyber-criminals’ next game
According to CYB3R-X, the next wave of ransomware assaults may target the retail and hospitality industries, with potentially disastrous results. The manufacturing slowdown caused by incidents like the ones that affected Honda and Renault has an effect on the bottom line. However, sales and order fulfillment continue. Of course, there could have been a blip in their productivity. Retailers might lose millions of dollars every day in lost income if these attackers focus on the infamous POS system, which frequently makes news for credit card data theft. If they choose to hold a merchant ransom by stopping them from conducting business with customers.
Black Friday 2017 may truly be a dark day
Think about the situation from the perspective of online crooks. They seem to have no trouble breaking into POS systems and stealing credit card information, doing so covertly for months. Since you are probably already aware of the numerous brands that have experienced such breaches, I won’t name them here. The going rate for credit card data theft on the illicit market is actually decreasing. Prior until recently, a US credit card could sell for $20–30, but now days, the average price is closer to $5–10. Simple supply and demand — there is an abundance of stolen credit card information!
Consider the scenario from the standpoint of internet thieves. They take credit card information discreetly for months and appear to have little issue hacking into POS systems. I won’t mention the many brands here because you are probably already aware of them for having had such breaches. On the black market, credit card data theft is actually becoming less common. A US credit card used to sell for $20 to $30 on average, but these days the price is closer to $5 to $10. There is an amount of credit card data that has been stolen; it’s just supply and demand!
EventTracker released EventTracker Essentials in December 2016 to protect retailers from such harm before it becomes the “next big thing in ransomware.” The managed endpoint threat detection and response solution is distinctive in that it appropriates the necessary set of capabilities from its enterprise SIEM and makes it logistically and financially feasible to deploy to every single POS system across every retail outlet.
IT security for franchise retailers is tougher than herding cats
Retail and hospitality brands face the additional burden of managing thousands of storefronts that are owned by hundreds or even thousands of individual franchise owners who are running their own businesses in the more complicated franchise-model space. Securing a franchised brand from ransomware at these many vulnerability points (imagine X POS terminals multiplied by Y locations across multiple/separate franchise firms) is difficult without a suitable solution that takes into consideration such complexity (still one of my favorite commercials of all time). But CYB3R-X has now expanded its market-leading managed network security, resilience, and compliance service for retailers to include a specially packaged version of EventTracker Essentials. The system provides the franchise retailers’ “edge” locations with the same essential endpoint threat detection and response capability.
We can only hope that retailers of all types and sizes pay attention to the repeated warnings and proof that POS systems are incredibly vulnerable and a ransomware assault could be disastrous. A pound of cure is worth an ounce of prevention.