We caught up with Bitdefender’s senior e-threat analyst Bogdan Botezatu at this year’s Infosec show to find out about the rise of DIY ransomware kits and what can be done to combat them.
What is Bitdefender working on right now?
We have a new technology that we’re showcasing. It’s called HVI, or hypervisor-based memory introspection. We’ve developed it along with Intel and Citrix. It was about five years in the making.
Basically, it allows us to better secure virtualised environments. Up until now, when you used security in a virtualised environment you installed a small agent on every virtual machine that you’re running, which slows things down. It’s also not a safe implementation of security.
When we started focusing on virtualisation we said ‘hey, let’s take a step back and rethink it a little bit’. And what we’ve done is take security out of the virtual machine. It still runs on the same server, but communication is not done by the same agent, it’s via the hypervisor.
That’s our biggest breakthrough this year and probably the biggest breakthrough in the industry because there’s no other company doing that right now.
What about on the consumer side of things?
There’s an increasing focus on ransomware. There are a lot of individuals operating their own strain of ransomware. So we looked into that and thought ‘how can regular people get so good with writing code and malware?’
We did some research that revealed that people actually buy DIY ransomware kits, which are basically computer programs that have a couple of forms asking things like ‘what do you want your ransomware to be called?’, ‘How much money do you want the user to pay to get their information back?’, and ‘What bitcoin wallet do you want the ransom to be paid into?’. You just press a button and you have your own strain of ransomware.
It’s amazing. It’s something that has been reserved for very skilled hackers, which has now become mainstream.
This puts a lot of pressure on us as a security vendor because we’re now having 14 million new pieces of malware every month to deal with. And it only takes one to get through your security and you lose all of your information.
Is that one of the biggest issues you’ve seen recently in the security space?
Yes. If you were to associate it with something, it would be cancer. There’s no cure, it’s prevalent, and it destroys organisations.
We cannot find a workaround to help people get their information back without paying because the ransomware creates two keys. One is used for encryption, which never lands on the victim’s computer; it’s only used on the attacker’s server. In order for you to get it, you have to pay the money. But if you pay the money, you’re actually empowering the cybercriminal. You’re delivering the revenue they’re expecting.
How much money are these ransomware hackers making?
In 2014, they were making around $25 million in half a year. Now they are making about $1 billion in that time.
Now our mission is not just to protect and prevent the infection, but to educate the user about what to do when they fall victim to ransom. What we’re trying to make people understand is that backups are critical. If your computer has fallen victim to ransomware, you can restore from backup and get all your information back and you’re not helping the cybercriminals earn their money.
These businesses will end when they’re not making enough money. If they become unfeasible they go away. It’s very simple.
What are your predictions for the future of malware?
I think cybercriminals will eventually move away from attacking computers and start to target medical appliances.
How would you like your pacemaker to be held to ransom, and if you don’t pay the money, you can’t use it? Or worse, the cybercriminals could misuse it.