Lessons from the Burrp AttackStrategies to Defend Against Ransomware Surge
A recent report from Norton reveals that Burrp, the Indian restaurant rating website, was compromised to deliver a dangerous ransomware to its visitors' computers. The website redirected visitors to the Angler exploit kit, which downloaded the TeslaCrypt ransomware to their systems. In the process, the cyber criminals took over users' computers, encrypted their files and demanded a ransom for decrypting the files, according to the report.
See Also: The Essential Guide To Machine Data
The site redirected users to the exploit kit since February of this year. Most of the users who have been impacted by this attack are based in the U.S. and India. The report doesn't provide further details as to the number of consumers affected.
When ISMG reached out to seek details, a Burrp spokesperson, requesting anonymity, claimed that no user data was compromised, although confirmed the website was hit by the ransomware.
"We take privacy and security very seriously and understand that any such attack is stressful and frustrating to our users," the spokesperson said. "Last month, we were informed about the attacks on our website, and our security team has taken immediate actions to prevent any such future attacks. No user data was compromised, and we haven't witnessed any attacks for the past 20 days. We apologize for the concern and stress."
Security experts commenting on this latest incident say ransomware is clearly going to be the next big cybersecurity challenge in India. It has been spreading like wildfire, affecting hospitals, schools, courts and even some of the so-called "safest" devices like Mac.
"Ransomware attacks are growing in numbers because it is becoming easy for criminals to execute this attack and victims (usually) have no choice but to pay," says Dinesh O Bareja, Principal Advisor & Consultant, Pyramid Cyber Security & Forensic. "Besides, anyone who falls for the attack is a paying victim."
It's not just companies that are being targeted by this malware. Like in the case of Burrp, besides enterprises, consumers are also falling prey to unknown ransomware attacks.
Symantec's Internet Security Threat Report 2015, supports the argument, indicating that India stands third in Asia with total number of 60,000 ransomware attacks per year and, on an average, 170 attacks per day. In fact, a staggering 86 percent of attacks in India were crypto-ransomware, which affected end-users who transit in and out of the infected networks.
"While all types of companies are on the cybercriminals' radar, small and medium enterprises face more attacks due to their limited wherewithal to counter such attacks," says a security expert at Symantec, requesting anonymity. "Through such targeted attacks, the cyber-criminals attempt to extort payment from victims, as the nature of the attack makes it possible for them to infect the web portal along with the devices being used by its visitors," says the expert.
In addition, industry reports indicate that the tools used by the exploiters are becoming increasingly sophisticated. The latest version of Teslacrypt - the ransomware that hit Burrp - has closed an earlier encryption weakness it had. It was previously possible for victims to recover their files without paying ransom.
Experts say this is a form of APT attack where attackers are mostly in the network for as long as eight to nine months. And these attackers don't negotiate; they simply tarnish the reputation of the company.
Bareja reiterates, "The extortion rates also vary depending on whether the criminal was able to snare an individual or a corporation and also around what is held at ransom: IP, data or anything else."
There is no magic solution, but there are certainly strategies to deal with ransomware. Experts recommend a few imperatives:
- Users should refrain from paying the ransom; that only encourages and funds these attackers;
- Regular auditing and vulnerability assessments are mandatory, besides remediation of all zero day vulnerabilities on network devices/servers/computers;
- Use competent internet security technology for desktops (including heuristics, behaviour-blocking technologies).
Bareja says a silver lining to the problem could be that organizations may fast-track projects for data governance and effective backups with periodic testing.
"However, keeping an eye on the network for malware and enabling good security practices: two essential controls to counter the scourge of ransomware is inevitable," Bareja says.