Battling Ransomware With Crowdsourced Threat IntelligenceRansomware Gangs' Profits Still Booming, Say AlienVault Security Researchers
It's boom time for the ransomware business as criminals continue to make easy cryptocurrency paydays via crypto-locking attacks.
See Also: How to Defend Your Attack Surface
"It makes perfect sense for a criminal - it's low risk ... and you're looking at a decent return rate on it, so it's a very attractive model. And we're seeing a lot more really organized cybercriminals really getting into that," says Javvad Malik, a security advocate at AlienVault.
Criminals are also diversifying into new business models, including open source ransomware and ransomware as a service, he adds.
To help battle these attacks, gathering and sharing threat intelligence is more critical than ever, says Chris Doman, a security researcher and threat engineer at AlienVault
"Ransomware is seen by so many people," Doman says, meaning that organizations that get hit first can alert others. "We found that one of our users had actually found the earlier version of WannaCry, which came out about a month before the one that hit the world really big. Bbefore the worm version, there was a smaller version."
In a video interview at the recent Infosecurity Europe conference in London, Malik and Doman discuss:
- The ransomware business model;
- Techniques for detecting breaches faster;
- AlienVault's Open Threat Exchange.
Malik, a video blogger, formerly was a senior analyst with 451 Research, providing technology vendors, investors and end users with strategic advisory services.
Doman works primarily on the AlienVault Open Threat Exchange OTX. His previous positions include working as a consulting analyst for Vectra Networks and on cyber threat detection and response for PwC. He runs the threat intelligence portal ThreatCrowd.org in his spare time.