Money Wasn’t Their End-Game…
Combined, WannaCry and NotPetya, the two global attacks that hit the world in the last 90 days, received payouts of approximately $150,000 USD. To some it may sound like a lot – but to cyber criminals, that’s nothing. WannaCry and NotPetya were not corrupting company data with the end goal of a major payday. If they were, WannaCry would have increased the ransom demand within the ransom notes, and NotPetya would not have corrupted the master boot files beyond repair. NotPetya also would not have waited weeks after the attacks to release a major ransom demand. Regardless of their end-game, both malware variants successfully brought some of the world’s largest companies to their knees.
…But for Many It Is
Forbes recently released an article confirming that two different ransomware variants, Cerber and Locky, are raking in $1.2 million USD a month in ransom demand payments. I’ll give you a minute to let that sink in.
One point two million dollars, per month. Now that’s some serious cash flow.
For those who may not be aware, neither of these ransomware variants is new. They’ve actually been around for quite some time. However, they’re still generating a ton of cash on a monthly basis. How?
Ransomware can change every minute. There are several different versions of Cerber and Locky. The malware authors have to continuously change them in order to continue to bypass traditional antivirus software. Although this may sound like a lot of work for the cyber criminals — it really isn’t. All it takes is changing one line of code and it’s a “new” version. Some cyber criminals even have the process automated, making the ransomware polymorphic — or changing continuously to avoid security solution detection.
Keeping Your Data Safe
Traditional antivirus solutions will not effectively keep your data safe against polymorphic viruses and unknown malware threats. Why? Because traditional AV solutions use a blacklist as their primary method of malware detection. This means all unknown files are treated as safe until proven otherwise. The problem is that these new malware threats are all “unknown” until proven harmful. Therefore, blacklist security solutions allow them to run.
Whitelist security solutions treat unknown files as bad until proven good. Therefore, malicious files will not execute because they have not been proven safe.
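The default-allow versus default-deny difference described above, as an added illustration that is not from the original article. It assumes exact SHA-256 matching as a simplified stand-in for a signature database; the sample byte strings, list contents and function names are all constructed for this example.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed, harmless byte strings standing in for executable files.
KNOWN_BAD = b"constructed-sample-A: build 1"
VARIANT = b"constructed-sample-A: build 2"          # one byte differs from KNOWN_BAD
APPROVED_APP = b"constructed-approved-app v1.0"
APPROVED_UPDATE = b"constructed-approved-app v1.1"  # newer build, not yet reviewed

DENYLIST = {sha256(KNOWN_BAD)}      # hashes proven harmful
ALLOWLIST = {sha256(APPROVED_APP)}  # hashes proven safe


def blacklist_allows(data: bytes) -> bool:
    """Default-allow: anything not proven harmful may run."""
    return sha256(data) not in DENYLIST


def whitelist_allows(data: bytes) -> bool:
    """Default-deny: only files proven safe may run."""
    return sha256(data) in ALLOWLIST


SAMPLES = {
    "known_bad": KNOWN_BAD,
    "variant": VARIANT,
    "approved_app": APPROVED_APP,
    "approved_update": APPROVED_UPDATE,
}


def evaluate(samples: dict) -> dict:
    """Return {name: (blacklist verdict, whitelist verdict)}; True means allowed to run."""
    return {
        name: (blacklist_allows(data), whitelist_allows(data))
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, (bl, wl) in evaluate(SAMPLES).items():
        print(f"{name:16} blacklist={'run' if bl else 'block':5} "
              f"whitelist={'run' if wl else 'block'}")
```

The `variant` row shows the one-byte change passing the blacklist while the whitelist blocks it. The `approved_update` row shows the operational cost of default-deny: a legitimate update also stays blocked until its hash is reviewed and added.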