A New Malware Attack; The Defense Dynamic

October 19, 2017

Image: Countries initially infected with WannaCry ransomware (source: Wikipedia)

Ransomware, the malicious software impacting all sectors of technology and infrastructure, boasts a unique approach to the cybercrime economy. These tools, once they execute on an infected target computer, encrypt select files or all files on the target until a ransom is paid to unlock them. This results in a lucrative enterprise for the criminal if the attack is widespread and the ransom reasonable enough for victims to pay.

How is ransomware unique in the field of malware? Unlike other malware authors, ransomware cybercriminals value the theatrics of the attack and high-visibility disruption. While technically similar in anatomy to other malware, ransomware borders on a cyber/physical attack due to its direct impact on the end user.

Other types of malware attacks, like Advanced Persistent Threats (APTs) or worms perpetuating a botnet, value stealth for as long as possible or have mechanisms to evade detection in a sandbox environment. The principles of high-visibility malware, including calling cards, have in the past been reserved for activists. Ransomware attackers do not mind detection; rather, they encourage interaction with the victim. Instead of covert theft from financial institutions, ransomware perpetrators go as far as providing an email address or a username for an encrypted messaging service so that the victim can ask questions.

Ransomware hackers use both carrot and stick approaches to get victims to pay the ransom. They may employ various tactics during an attack; some promote a sense of fear or urgency, while others seem intended to help the victim recover their files:

  • Periodic deadlines before file deletions or leaks
  • Final deadlines before system wipes
  • Frightening imagery
  • Advice for setting up a Bitcoin wallet, along with a list of recommended Bitcoin vendors
  • Frequently asked questions and other customer service

The ransomware attacks of today offer much more information than a normal attack, in most cases even a line of communication, in order to facilitate victim cooperation. There is a distinctly human mark to ransomware that makes it conducive to employing social strategies to defend against the hacker. We anticipate that more ransomware-like malware will appear in the future, enabling a new type of defense against cyberattacks: Defensive Social Engineering.