What Is The Reason Why The Ransomware Threat Is Not Going Away Any Time Soon?

It's KnowBe4's general policy to not mix business with politics or religion. However, sometimes geopolitics—which focuses on political power in relation to geographic space—is the only thing that explains a particular and persistent problem. A good example would be the trouble in the Middle East and its complex relationship to oil.

In IT, however, one of the major problems is ransomware. Why is it here to stay, and why will it likely not get any better in the coming years? There are three main factors at work here, which we'll go into separately below:

  1. The Crypto Crime Wave
  2. The Decline and Fall of the Antivirus Empire
  3. Vladimir Putin 4.0

The Crypto Crime Wave

The first weapons-grade ransomware strain, CryptoLocker, was first spotted in the wild in September 2013. It was developed by evil genius Evgeniy Bogachev, who by the way still roams out there freely. You can only imagine the air cover he must be getting, having literally caused hundreds of millions in damage.

Fast-forward to today. In May 2018, the WSJ reported: "The Blockchain Intelligence Group Inc., which makes software that tracks cryptocurrency use, estimates illegal activity accounts for about 20% of the transactions of five major cryptocurrencies—bitcoin, Monero, Zcash, ether and litecoin—or about $600 million each day.

Researchers working at the University of Sydney used artificial intelligence to identify cryptocurrency transactions consistent with criminal behavior and estimated $72 billion of illegal activity last year using bitcoin alone."

Headline-grabbing arrests and seizures have done little to slow the flow. Last year, $660 million in bitcoin was sent to darknet marketplaces, up from $57 million in 2012, according to Chainalysis. Moreover, cybercriminals use "mixers" or "tumblers" to further anonymize the bitcoin they receive, or move completely from bitcoin to Monero, a currency which its website calls “secure” and “untraceable,” and which uses an architecture that hides the sender, receiver and amount of transactions.

We all know the upshot. Despite the possible future advantages of cryptocurrencies, there are major disadvantages that the bad guys are exploiting today and it is not getting better.

The Decline and Fall of the Antivirus Empire

Cybercrime is bypassing antivirus left, right and center, mainly because today the bad guys mostly rely on social engineering and phishing attacks that manipulate employees into letting malware into the network.

SentinelOne's new Global Ransomware Report 2018 found that ransomware is now the new normal and something that more than half (56%) of companies have faced in the past few months. That's up from 48% who said the same thing in the firm's 2017 report.

Next-gen Endpoint Security 

Another SentinelOne survey result confirms what leading security experts have been saying for a while now: 52% of IT Pros have lost faith in antivirus and 44% agree AV is dead. The only way to better protect endpoints is with much more advanced—and expensive—next-gen products like Carbon Black, Endgame, CrowdStrike Falcon, and FireEye.

Here is a video interview with the always entertaining John McAfee who just said: “Anti virus software no longer works”, “most hacking is social engineering”. Fast forward to 9:24: https://www.youtube.com/watch?v=WBgFGwJA1D0

The only two traditional AV products that are hard to bypass by professional hackers are Symantec and Kaspersky, with the latter tainted by a recent US government purge from their networks because of Kremlin infiltration.

Which brings us to item No. 3.

Vladimir Putin 4.0

Anti-Putin crusader and author Bill Browder, an Anglo-American businessman with deep and harrowing ties to Russia, said in the WSJ: "'Russia has created a system where evil people get rewarded and good people get crushed. It’s almost like the Soviet Union all over again.

Back then, if you weren’t a member of the Communist Party, you were excluded from all privileges. Now, if you’re not a member of the criminal enterprise, you’re excluded from all the valuable things in life.' By 'the criminal enterprise,' Mr. Browder means the Putin regime: 'The mistake everybody makes about Russia is they think there’s the mafia and there’s the government. It really is one and the same thing.'"

Browder continued: “We have Putin 4.0 now, it doesn’t matter if it’s his fourth or fifth term. None of the mechanical electoral processes are relevant.” There are, Mr. Browder says, only three ways it can end: “One, he’s killed in office. Two, he’s overthrown. And three, he dies of natural causes.” Mr. Browder’s bet is on natural causes: “He will stay in power till he dies. That’s the only way he can protect his money.”

John McCain: ‘Vladimir Putin Is an Evil Man’

US Senator John McCain recently stated, again in the WSJ: "Vladimir Putin is an evil man, and he is intent on evil deeds, which include the destruction of the liberal world order that the United States has led and that has brought more stability, prosperity and freedom to humankind."

McCain continued: "He is exploiting the openness of our society and the increasingly acrimonious political divisions consuming us. He wants to widen those divides and paralyze us from responding to his aggression. He meddled in one election, and he will do it again because it worked and because he has not been made to stop. Putin’s goal isn’t to defeat a candidate or a party. He means to defeat the West." (*)

Forced To Cut Down On Military Spending

Now that Putin has his fourth term in office, he is forced to cut down on the percentage of Russian GDP spent on defense.

Business Insider reported: "A survey last month by the independent Levada Center found that at least half of Russians appreciate their country's return to 'great power' status. But 45% fault Putin for "failing to ensure an equitable distribution of income in the interests of ordinary people," up from 39% in March 2015 when the last survey was conducted.

Another poll by the state-funded VTsIOM agency confirmed that Putin's personal approval rating is at a near all time high of 82%. Paradoxically, at the same time almost 90% of respondents said the country needs some degree of reforms, while just 2% said they didn't think any changes were necessary.

In response, during his fourth term as the president of Russia, Putin declared his intentions with the 'Russia First' program. The funds allocated to Russia's military department will be reduced, and the money will instead be used to enhance healthcare, education and infrastructure.

The projected surge in spending on roads, education, and health care will have to be paid for. Most analysts agree that the share of military spending as percentage of GDP is set to fall, from 6.6% in 2016, to 5% this year and to 3% by the end of Putin's current term in 2024.

Analysts say there could be another dimension to Putin's new focus on domestic development: fresh efforts to mend fences with the West. He apparently wants to have his cake and eat it too.

"There is no doubt that Putin wants better relations. His liberal advisers tell him the restoration of economic growth requires an easing of sanctions and better access to Western finance and technology," says Alexei Mukhin, head of the independent Center for Political Information in Moscow.

"But that's easier said than done. What to do about Ukraine? In fact, most of our leaders have already adjusted to the permanence of sanctions, and the reality of isolation. The new program of development will simply work within that virtual state of war with the West. It's our new normal."

Which brings us directly to the FSB and the GRU

This brings us directly to the FSB (the KGB's successor) and the GRU, Russia's military intelligence apparatus, which is 6 times larger than the FSB. Compared to modern meat-space military expenses, cyber-space attacks are incredibly cheap and an effective way to wage asymmetrical warfare. It fits right into Putin's background as a KGB operative.

He created his personal network in Leningrad (renamed to St. Petersburg), consisting of political allies, his personal security people, and Russian Organized Crime (OC). The group he created around him is the same as the one today that brought him to power.

From the beginning, Putin and his circle wanted to create an authoritarian regime (call it a modern Stalinism, really), ruled by a close-knit cabal interested only in enriching themselves, not in creating a real democracy. The cabal consists of former KGB, mafia, and political and economic forces that joined together.

They claim to be devoted to Russia and did this to save her, but they are more devoted to their personal survival and prosperity. The whole enterprise is being bolstered by oil prices and state control over almost the entire media space.

It started out with the KGB moving all the Communist Party's vast financial reserves offshore, absorbing the Russian mafia and using them for black ops as a price for operating on Russian territory. At the same time, the KGB created hundreds of companies and several banks inside and outside of Russia to launder money. Good examples are the Bank Russia and energy company Gazprom. Putin's cronies were put in charge of many of these, and many of these people have become billionaires. Their price? Total loyalty and, like the mafia, silence: "Omerta".

A top-down corruption scheme was hatched that truly starts with Putin

To make all this happen in an invisible way, a top-down corruption scheme was hatched that truly starts with Putin and then goes all the way down to low-level government employees. You only get into Russian government by paying for it, and then get rewarded via "tribute" payments. The system put in place by Putin causes the Russian economy to be badly hamstrung because there is no technical innovation, except in cybercrime where the innovation is furious.

Russia scores very high in overall education, but the well-trained young graduates only have three choices: go abroad, start working for the corrupt government, or go into cybercrime. The third option pays very, very well and many take it.

Organized crime in Russia is enabled by the Russian government

The long and short of it is that organized crime in Russia is enabled by—and in some cases part of—the Russian government, and has moved into cybercrime in a massive way, with ransomware like CryptoLocker and CryptoWall being good examples. Now and then the cyber mafias are used by Putin as a resource to harass countries that get in his way, and they get air cover the rest of the time.

Since they are thousands of miles removed, the major ways these bad guys can penetrate your systems are limited:  

  1. Badly configured servers and workstations
  2. Known and unknown vulnerabilities in software
  3. Social engineering 

That's why stepping your users through new-school security awareness training is such an important part of your defense-in-depth. 

Cybersecurity has moved from tech to a CEO and Board-level business issue

You did not sign up for this, but today it is abundantly clear that as an IT pro you have just found yourself on the front line of 21st-century cyber war. Cybersecurity has moved from tech to a CEO and Board-level business issue.

I strongly suggest you get a quote for KnowBe4 security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will, because your filters have a 10-15% failure rate. Get a quote now and you will be pleasantly surprised.


Let's stay safe out there.

Warm regards,

Stu Sjouwerman,

Founder and CEO, KnowBe4, Inc


(*) These quotes are from a WSJ essay, adapted from Sen. McCain’s new memoir “The Restless Wave: Good Times, Just Causes, Great Fights and Other Appreciations,” which will be published on May 22, 2018 by Simon & Schuster.

