What is Ransomware?
Ransomware is malicious software that is used to gain access to the victim’s computer. The aim of such attacks is to encrypt data or block use of the computer entirely in order to demand a ransom. The data is decrypted or the computer unlocked only after the ransom has been paid, and even then there is no guarantee. In general, we advise against paying a ransom.
Technische Universität Berlin, Berliner Kammergericht and Landkreisverwaltung Anhalt-Bitterfeld
Numerous examples show that the consequences of a ransomware attack can be massive: The attack on the systems of the Technische Universität Berlin paralyzed the central IT systems for weeks. Even if a ransom demand fails to materialize, the damage caused by data leakage can be immense, as can be seen in the attack on the Berliner Kammergericht or the first German cyber disaster in the Landkreis Anhalt-Bitterfeld.
Phishing-as-a-Service was only the beginning
However, the examples mentioned are manually created and prepared attacks. As described elsewhere, it is becoming increasingly difficult to detect phishing: Artificial intelligence makes phishing scalable. Artificially generating credibility using AI-based tools has become the norm. AI-generated phishing emails are coherent and compelling.
While the AI-based creation of phishing emails was the focus of a scientific investigation in the aforementioned article, it is now all the more a topical, alarming and, above all, real-life issue: with software such as WormGPT, the generation of phishing and other scam emails is now bookable as a service. This allows any criminal to generate convincing and strategically thought-out phishing emails, in seconds and in numerous languages.
Chatbots without conscience
Every technical development has its downsides. Individual voices even claim that the Internet was a mistake. As we have already shown, even ChatGPT can be used to generate phishing emails, for example for the Business Email Compromise (BEC) method.
OpenAI (the company behind ChatGPT) is making efforts to prevent the misuse of their AI chatbot. But those efforts appear to be in vain: WormGPT is based on the GPT-J language model, which was developed two years ago as an open alternative to OpenAI’s then-current GPT-3.
According to David Kelley of the IT security firm SlashNext, WormGPT is currently being discussed in the relevant forums and is explicitly recommended for fraud attempts. WormGPT is said to have been trained with “malware-related data”. What is interesting, or rather frightening, is the statement that it has no “moral constraints”.
So is WormGPT a ChatGPT without conscience or limits? Maybe. At the very least, tools like WormGPT lower the entry threshold for criminals and increase the flood of phishing attacks.
What is Ransomware-as-a-Service?
Ransomware-as-a-Service (RaaS) is a business model in which IT services are rented out. Similar to Software-as-a-Service (SaaS), for example Microsoft Office or other rentable software services, these services are rented for a monthly fee.
Full service for criminals
There are different variants of RaaS models: The respective providers can charge a monthly fee (subscription-based model) or collect a percentage of their customers’ profits (affiliate programs). Likewise, mixtures of the models or the payment of a one-time fee are possible. Financial transactions mostly use cryptocurrencies such as Bitcoin.
It becomes clear that users of RaaS offerings do not need to have any technical expertise: they simply use the infrastructure of the respective provider, who also takes over the complete execution of the attacks, including the handling of ransom payments. But other services such as technical support, user forums or assistance with ransomware negotiations are also frequently offered.
To get malware onto victims’ computers, contaminated email attachments can be used, for example. Once the malware has successfully infected a computer and encrypted data or locked the computer, the extortion attempt can start.
So with Ransomware-as-a-Service, anyone with enough criminal energy can afford their own cyberattack. The desired service only has to be rented on the darknet.
How can you protect yourself from ransomware?
Check the sender reputation
Evaluating the sender reputation of emails offers an effective way to prevent phishing attacks and thus ward off extortion attempts. This prevents malicious code from reaching your computer in the first place.
Analyze attachments and URLs
NoSpamProxy enables attachments in Word, Excel or PDF format to be automatically converted into harmless PDF files based on rules. In the process, any malicious code that may be present is eliminated and the recipient is thus delivered a harmless attachment. Many other formats, such as executable files, can be detected so that the attachment is blocked or the entire email is rejected.
The URL Safeguard rewrites URLs in inbound emails so that at the time the user clicks on them, they are checked again to see if there are any negative assessments for this URL. This increases security because some attackers change the destination of URLs several hours after they are sent. The URL Safeguard can be configured individually and activated only for unknown communication partners, for example.
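The click-time check described above can be sketched as follows. This is an added example, not NoSpamProxy code: the gateway address, the signing key, the function names and the reputation feed are all assumptions made for illustration.

```python
from __future__ import annotations
import base64, hashlib, hmac, re
from urllib.parse import parse_qs, urlencode, urlparse

GATEWAY = "https://urlcheck.example.invalid/c"  # hypothetical click-time gateway
KEY = b"constructed-demo-key"  # constructed; a real gateway uses a managed secret
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def _sig(url: str) -> bytes:
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest().encode()

def rewrite_body(body: str, sender: str, known_partners: set[str]) -> str:
    """Delivery time: wrap links, but only for unknown communication partners."""
    if sender.lower() in known_partners:
        return body
    def wrap(match: re.Match) -> str:
        url = match.group(0)
        token = base64.urlsafe_b64encode(url.encode()).decode()
        return GATEWAY + "?" + urlencode({"u": token, "s": _sig(url).decode()})
    return URL_RE.sub(wrap, body)

def resolve_click(link: str, is_bad_now) -> tuple[str, str | None]:
    """Click time: verify the link was issued by us, then re-check reputation."""
    query = parse_qs(urlparse(link).query)
    try:
        url = base64.urlsafe_b64decode(query["u"][0]).decode()
        sig = query["s"][0].encode()
    except (KeyError, ValueError):
        return ("reject", None)
    if not hmac.compare_digest(sig, _sig(url)):
        return ("reject", None)  # unsigned target: never act as an open redirect
    return ("block", url) if is_bad_now(url) else ("redirect", url)

def demo() -> list[str]:
    """Constructed scenario: destination is clean at delivery, flagged later."""
    feed: set[str] = set()  # stand-in for a live reputation source
    mail = "Your invoice: http://files.example.test/inv.pdf"
    out = rewrite_body(mail, "new@sender.example", {"partner@known.example"})
    link = URL_RE.search(out).group(0)
    at_delivery = resolve_click(link, feed.__contains__)[0]
    feed.add("http://files.example.test/inv.pdf")  # destination flagged after delivery
    hours_later = resolve_click(link, feed.__contains__)[0]
    return [at_delivery, hours_later]

if __name__ == "__main__":
    print(demo())
```

The signature check matters as much as the reputation lookup: without it, the rewriting gateway itself could be abused as a redirector to arbitrary destinations.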
Use 32Guards
32Guards in NoSpamProxy collects and analyzes metadata of emails and attachments. The data from the numerous distributed NoSpamProxy instances is bundled centrally, detecting suspicious trends at an early stage.
Since 32Guards does not look at the whole email, but only the metadata, it is effective against AI-based phishing: it unerringly detects phishing links and the underlying patterns as well as dangerous attachments.