Friday, 24 March 2017 07:56

Ransomware best marketing tool for A-V firms: expert


Ransomware is often described using a single word: odious. But it has also become the single biggest marketing factor for the anti-malware industry, according to a senior member of this profession.

Trend Micro senior architect Jon Oliver says that since the advent of the rash of malware — which he traces back to 2014, with a big increase in 2016 — there has been no need for scare tactics, commonly used in the tech industry, to boost sales.

Sales are booming, he told iTWire during a casual chat, in what appears to be a seller's market.

Ransomware is malware that infects systems running Windows and encrypts files. Typically, a ransom note then pops up on the system, indicating how much is to be paid and to whom, in order for the encrypted files to be decrypted.

Oliver said those who were profiting from ransomware had modified and refined their business model, though he said the way the code operated was much the same.

For instance, on the messages that were displayed after file encryption took place, there were now often links to helplines which the victim could contact to understand how Bitcoin works.

Most ransomware attackers sought payment in this crypto-currency and anyone who did not know how to pay up would be made aware of the methodology.

Oliver said this would just be a general line that offered this kind of help to anyone for a fee, and hence it could not be targeted by law enforcement.

The one thing he had noticed in ransomware code was that in some cases it had been modified to encrypt just a portion of a file and not the complete file.

"This is standard behaviour for many ordinary functions when you are using a computer," he said. "And hence, your A-V software will not detect this as potentially malicious behaviour."

One strain of ransomware, known as Cerber, had gone through numerous mutations, Oliver said, adding that this was more a reflection of the fact that the authors were making money off it and could hire someone to make changes to avoid detection.

He said the business model of demanding payment had proved the most successful because it was the least complicated and had the lowest overheads.

"They (ransomware authors) could steal IP and then hawk it; that would take time and effort and open them up to being detected. They could try to transmit trojans and steal banking details, but then the bank could get involved and mean one more adversary to tackle," Oliver explained.

So the simplest method was to ask for money, explain how it could be paid, pocket the proceeds, and honour the promise of decrypting the victim's files without any fuss. It would also be easier to get a second victim to pay up without making a noise.

Additionally, ransomware authors generally picked targets that were not high-profile, he said. For example, small hotels and hospitals often had IT staff who were not as well qualified and savvy as those in, say, a large financial services firm. They would just want to get their systems back in working order.

While the ransom demand had, thus, to be kept to a smaller figure than if one were attacking a big company, it was much less messy and low-profile.

But even these low-profile attacks were doing what the ransomware authors intended, Oliver said: creating awareness that when ransomware struck, the best and quickest remedy was to pay the thousand or few thousand demanded and stay mum.

He said the ransomware authors were using Web hosts that were commonly used and then moving on when the possibility of being detected arose. They were even using Dropbox.

Ransomware attacks were helped by the fact that victims who were in businesses that transacted online would keep quiet about an attack, for fear it would affect their bottom line. Thus, it was difficult to find out the actual extent of attacks.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


