Analysis from endpoint security firm SentinelOne has found just how fast and efficient it is for cyber criminals to make money using ransomware.
According to the research, the CryptXXX developers received 70 Bitcoin from 61 ransom payments – about $50,000 – between June 4 and June 21.
CryptXXX emerged over two months ago and has already been seen in numerous infection campaigns associated with dominant exploit kits (EKs), such as Angler and Magnitude.
“With this kind of success, it’s likely we’ll continue to see this family and other ransomware families continue to grow and evolve,” SentinelOne researchers wrote. “Some factors which may contribute to this are the increasing reliance on computers to store and process valuable information and the increasing popularity of Bitcoin which is semi-anonymous, works globally, and is difficult to regulate because it’s completely decentralized.”
Ransomware works by getting into a computer system and encrypting files. Money is then demanded for the key to decrypt them.
Firms need to ensure they deploy cybersecurity best practice
In order to protect your organization from the sort of vulnerabilities that leave you open to ransomware infection, you need to implement and maintain a best-practice ISMS (information security management system). ISO 27001 is the international cybersecurity standard, providing a holistic approach that covers people, processes, and technology.
Certification to the ISO 27001 standard has seen a steady increase in the US over the past eight years: According to the latest ISO survey, certification grew 17% between 2013 and 2014.
More and more American businesses are finding the benefits of certifying to ISO 27001, including achieving a globally acknowledged mark of compliance, winning new business and reassuring existing customers, protecting their reputation, and meeting multiple compliance requirements.
If you are new to ISO 27001, we recommend you download our free green paper, “ISO 27001 & Information Security”. It answers the basic questions about information security and ISO 27001, such as how the Standard helps organizations manage their information security more effectively, how to initiate an information security project, and the value that certified conformance to ISO 27001 provides. It also points to online resources and tools that are useful to anyone tasked with leading an information security project.