Security Central: Decryption Tool Released for Wildfire Ransomware, Companies Continue to Chase Cybersecurity Tails
This week’s Security Central explores the rapidly growing epidemic that is ransomware, the emergency security update released by Apple and the cybersecurity hamster wheel that companies seem incapable of escaping.
August 26, 2016
In the sometimes uphill cyberdefense battle, with hackers getting more cunning and advanced by the minute, it’s refreshing to learn this week that there are new tools that can aid in the fight against attacks, particularly concerning the most recent slew of ransomware outbreaks. Intel Security and Kaspersky Lab announced that they have developed a handy decryption tool designed to liberate files being held ransom by the malware dubbed “Wildfire.” What’s even better is that victims can get their files back without having to pay the demanded ransom. According to a recent ZDNet article, this is all part of the original No More Ransom initiative.
Wildfire follows the same playbook as the other ransomware families plaguing users these days. Attackers send bogus emails that fool unsuspecting users into clicking malicious links; the malware then encrypts files or entire drives, and the attackers demand payment to give those files back. Talk about adding insult to injury.
Wildfire is spread the same way, but this particular strain was aimed at victims in the Netherlands and Belgium, with the nasty software targeting Dutch speakers. The emails were written in “flawless Dutch,” according to Jornt van der Wiel, a security expert with Kaspersky Lab’s Global Research and Analysis Team. They appear to come from a transport company informing the recipient of a missed package delivery and encourage the user to fill out a form to reschedule the delivery for a different date. Filling out that “form” is of course what installs the malware, which then wreaks havoc on the victim’s system and files.
The price for getting the encrypted files back? Victims were told to pay 1.5 bitcoins, or around $870. According to an article by Fortune, around 5,300 people were infected within the span of a month. Intel and Kaspersky coordinated with the Dutch police and the European Cybercrime Centre to take out the servers that were distributing the malware, and used the seized material to develop the decryption tool that is now available for download.
“The seizure of the Wildfire decryption keys proves again that fighting cybercrime, especially ransomware, is more successful through collaboration,” John Fokker, the Digital Team Coordinator of the Dutch National High Tech Crime Unit said Wednesday in a Threatpost article.
In other defense news, Apple just released an emergency security update for iOS devices meant to patch three vulnerabilities discovered by security firm Lookout and cyber research group Citizen Lab. The two groups have dubbed the trio “Trident”; chained together, the three flaws allow attackers to take full control of an iPhone with a single click. Scary stuff, considering that mobile devices have essentially become extra appendages for the vast majority of us and are integrated into our lives in countless ways.
Mike Murray, vice president of security research at Lookout, told ABC News that the Trident weaknesses were being exploited by a software package called “Pegasus.” Murray also stated that the software was being aimed at “high-value” targets, such as human rights activists, journalists and other persons of interest.
A third party was key in identifying the vulnerabilities. Activist Ahmed Mansoor contacted researchers when he received suspicious text messages prompting him to click on links that would provide information and “secrets” about torture and abuse in jails in the United Arab Emirates. Rather than taking the bait, Mansoor sent the messages straight to Citizen Lab researchers, according to a blog post by Lookout.
Apple released the iOS update yesterday in response to the discovery of the vulnerabilities. “Apple has been highly responsive, and has worked very quickly to develop and issue a patch in the form of iOS 9.3.5, approximately 10 days after our initial report to them,” stated a post by Citizen Lab. “Once an iPhone is updated to this most recent version, it will be immediately protected against the Trident exploit chain used in this attack. While we assume that NSO Group and others will continue to develop replacements for the Trident, we hope that our experience encourages other researchers to promptly and responsibly disclose such vulnerabilities to Apple and to other vendors,” Citizen Lab researchers note.
Murray also marveled at Apple’s speedy and efficient response. “For a company like Apple to turn around a patch in 10 days it’s very impressive,” he said. “I know the folks at Apple have had some late nights.”
To wrap up the week, we take a look at the almost comically large hamster wheel that is enterprise security. According to an article by Computerworld, private sector companies around the world spent more than $75 billion on security software to protect their systems, and several analyst firms expect that figure to grow about 7 percent annually. Which raises the question: is all the money being thrown at cybersecurity making any sort of impact? Is it actually making networks and sensitive data any safer?
Analysts don’t have a good answer for that one, but the consensus is overwhelmingly “no.” The main reason cited is, you guessed it, ineffective and out-of-date software. Gee, where have we heard that before…
The list of concerns analysts have cited will come as no surprise. It includes the failure to deploy security analytics that watch for and detect anomalies, the growth of cloud adoption, and inadequate security software and protective policies.
“Companies are worse off by 100% [with cybersecurity] compared to 10 years ago because the world is more complicated now,” stated Gartner analyst Avivah Litan. “We are safer in a way, but criminals — the advanced ones — can still get through. Companies have definitely raised the cybersecurity bar, but criminals can keep going higher than the bar. It’s a cat and mouse game, and when you put in a trap, they find a new technique.”
Litan also stated that even though billions of dollars are being funneled into things like signature-based antivirus software, today’s savvy and increasingly advanced criminals can still clear the walls we’re attempting to put up.
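To make concrete both points above, the analysts’ call for security analytics that detect anomalies and Litan’s remark that signature-based antivirus is easily hurdled, here is an added illustration that is not part of the original article and not code from Intel Security, Kaspersky Lab or any of the vendors mentioned. It uses constructed byte strings in place of real malware and a constructed file-activity log; the process names, file paths and the “.locked” extension are hypothetical, not Wildfire’s actual indicators. It shows that a hash signature dies with a one-byte change, a byte-pattern signature dies once the telltale string is obfuscated, while a simple behavioral rule (one process rewriting many files in a few seconds) still flags the activity.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

# --- Part 1: signature matching against constructed (fake) samples ---------
def xor(data: bytes, key: int) -> bytes:
    """Toy obfuscation: XOR every byte with a one-byte key."""
    return bytes(b ^ key for b in data)

TELLTALE = b"encrypt *.docx; ransom 1.5 BTC"
# Constructed stand-in for a malicious binary (not real malware).
ORIGINAL = b"MZ\x90\x00" + TELLTALE + b"\x00" * 8
# Same sample with one padding byte changed (a rebuild or repack).
REPACKED = ORIGINAL[:-1] + b"\x01"
# Same logic, but the telltale string is stored XOR-encoded and only decoded
# at run time, so the plaintext pattern never appears on disk.
OBFUSCATED = b"MZ\x90\x00" + xor(TELLTALE, 0x5A) + b"\x00" * 8

# Two kinds of signature a classic engine ships: exact file hashes and
# byte patterns.  Both are derived from ORIGINAL, as a vendor would do.
HASH_SIGNATURES = {hashlib.sha256(ORIGINAL).hexdigest()}
PATTERN_SIGNATURES = [re.compile(rb"encrypt \*\.docx; ransom")]

def matches_hash(sample: bytes) -> bool:
    return hashlib.sha256(sample).hexdigest() in HASH_SIGNATURES

def matches_pattern(sample: bytes) -> bool:
    return any(p.search(sample) for p in PATTERN_SIGNATURES)

def scan(sample: bytes) -> dict:
    """Result of both signature checks for one sample."""
    return {"hash": matches_hash(sample), "pattern": matches_pattern(sample)}

# --- Part 2: a behavioral rule over constructed file-activity events --------
SUSPICIOUS_EXT = ".locked"          # hypothetical ransomware extension
T0 = datetime(2016, 8, 24, 9, 0, 0)  # arbitrary start time for the fake log

# Each event is (timestamp, process name, path written).  Constructed data.
EVENTS = []
# A user saving three documents over fifteen minutes: normal activity.
for i in range(3):
    EVENTS.append((T0 + timedelta(minutes=5 * i), "winword.exe",
                   f"C:/Users/jan/Docs/report{i}.docx"))
# The fake "delivery form" executable rewriting twelve files in six seconds.
for i in range(12):
    EVENTS.append((T0 + timedelta(minutes=20, milliseconds=500 * i),
                   "delivery_form.exe",
                   f"C:/Users/jan/Docs/file{i}.docx{SUSPICIOUS_EXT}"))

def flag_mass_encryption(events, threshold=10, window_seconds=30):
    """Return the set of processes that wrote at least `threshold` files with
    SUSPICIOUS_EXT inside any sliding window of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    by_proc = defaultdict(list)
    for ts, proc, path in events:
        if path.endswith(SUSPICIOUS_EXT):
            by_proc[proc].append(ts)
    flagged = set()
    for proc, times in by_proc.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within window.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(proc)
                break
    return flagged

if __name__ == "__main__":
    for name, sample in (("original", ORIGINAL), ("repacked", REPACKED),
                         ("obfuscated", OBFUSCATED)):
        print(f"{name:10s} -> {scan(sample)}")
    print("behavioral rule flags:", flag_mass_encryption(EVENTS))
```

The hash signature matches only the exact build, the byte pattern survives a repack but not the XOR-encoded variant, and neither knows anything about the third sample. The behavioral rule looks at what the process does rather than what it contains, which is why it still fires; real detections would add more telemetry (entropy of written files, dropped ransom notes, deleted shadow copies) and tune the threshold and window to avoid flagging backup or archiving tools.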
“Attacks will surely get worse, even as cybersecurity software improves,” Litan said. “There’s a hotbed of innovation, even though people don’t focus enough on security. Basic technology must be put in place. We all really live in a bad neighborhood and we all need locks on the doors.”