Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News
SYS-CON.TV
Cloud Expo & Virtualization 2009 East
PLATINUM SPONSORS:
IBM
Smarter Business Solutions Through Dynamic Infrastructure
IBM
Smarter Insights: How the CIO Becomes a Hero Again
Microsoft
Windows Azure
GOLD SPONSORS:
Appsense
Why VDI?
CA
Maximizing the Business Value of Virtualization in Enterprise and Cloud Computing Environments
ExactTarget
Messaging in the Cloud - Email, SMS and Voice
Freedom OSS
Stairway to the Cloud
Sun
Sun's Incubation Platform: Helping Startups Serve the Enterprise
POWER PANELS:
Cloud Computing & Enterprise IT: Cost & Operational Benefits
How and Why is a Flexible IT Infrastructure the Key To the Future?
Click For 2008 West
Event Webcasts
Ransomware Evolution | @CloudExpo #InfoSec #DataCenter #Security
What You Should Know About Ransomware Evolution

Initially, we came across ransomware which exploited the entire system and just restricted you from interacting with your own device, later on requiring you to pay dollars if you want to go back and use your computer.

And then it started becoming obsolete because an end-user. People were asking themselves: “That is my computer, would I pay $100 for it? If I don't really have data, I’d better format my PC and start all over again.” So, that strategy – locking access to computers, started becoming obsolete.  What did the bad guys do?  They realized that the previous strategy was only good when the data that computer was holding was valuable. So they started asking ransom for the data, and that's what they're doing now.

That was the evolution. It's the same thing with the same bad people doing that, evolving over time, and then we get a situation now where the bad guys are looking at the valuable part of the computer, which is the data. And now criminals are going after the computer data. They encrypt the information. They don’t pay attention when you are reaching out to some software tools on your PC. What is important now is that you won’t have the ability to open your files. Now if you need those files, if they are important to you, send money first.

Soб it's been evolving over time. The moment when someone reinvented the whole ransomware strategy and being successful with it, then everybody else in that same black hat industry started to do the same. It moved on progressively from one to the other cyber-criminal.

Encryption is an old tool, It's just putting data into a strong box and protecting it. I get your data, your personal stuff, in my strong box and say: "Hey, I won't give you the combination, just give me the money."  Is that a bad use of a safety locker?  It probably is. Does it mean that the technology is not doing its work? No, it's doing perfectly what it's supposed to be doing. It's a misuse. It's just that the bad guy is using it his way.

If you think that this is bad for the end-user, it's much worse for the corporation because at the end of the day, corporations host a lot of very important data. Private users have family pictures on their hard disk. If they lose them, they would be pained. Five years’ worth of pictures are gone, but ordinary people are not going to pay $3,000 to get those pictures back. But in a corporation, imagine salary data, financial data кthat is completely vital. Corporations need that data. In worse case scenario, if they have no backups, they have no other recourse other than paying. They will pay any sum because it's vital for the continued survival of the company. Much more is involved in a corporate scenario than in a home scenario.

At the end of the day, ransomware is not a very technically complex kind of malware. It's more of a concern because criminals are misusing a technology that is completely normal. We do have a lot of good things going. We have traditional detection. Traditional detection is a baseline. Then we can detect anything that looks vaguely like one of previous ransomware variants, even if it's vague, we can stop it and say: "This looks suspicious, stop that right there." And, more importantly, we have web reputation services, which means that any bad link that we already know of, because it's hosted on a bad IP.

What I might suggest for every person is to maintain a strong backup master plan and strategy. You should address ransomware as any other data corruption. Just as for any possible data loss, you should have a decent backup strategy available. Should you fail to have one, then you are susceptible to data loss. What if tomorrow your light goes off and your hard disk fails? What happens? Are you going to ask for any sort of compensation from the hard disk manufacturer or from the electric company? Maybe you would, but you are still screwed because you don't have your data.

About David Balaban
David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.

Latest Cloud Developer Stories
Blockchain. A day doesn’t seem to go by without seeing articles and discussions about the technology. According to PwC executive Seamus Cushley, approximately $1.4B has been invested in blockchain just last year. In Gartner’s recent hype cycle for emerging technologies, blockchai...
Leading companies, from the Global Fortune 500 to the smallest companies, are adopting hybrid cloud as the path to business advantage. Hybrid cloud depends on cloud services and on-premises infrastructure working in unison. Successful implementations require new levels of data mo...
Nordstrom is transforming the way that they do business and the cloud is the key to enabling speed and hyper personalized customer experiences. In his session at 21st Cloud Expo, Ken Schow, VP of Engineering at Nordstrom, discussed some of the key learnings and common pitfalls of...
The need for greater agility and scalability necessitated the digital transformation in the form of following equation: monolithic to microservices to serverless architecture (FaaS). To keep up with the cut-throat competition, the organisations need to update their technology sta...
Product connectivity goes hand and hand these days with increased use of personal data. New IoT devices are becoming more personalized than ever before. In his session at 22nd Cloud Expo | DXWorld Expo, Nicolas Fierro, CEO of MIMIR Blockchain Solutions, will discuss how in orde...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021



SYS-CON Featured Whitepapers
ADS BY GOOGLE