[SOUND] Last year, we published a big paper on ransomware where we talked about the ransomware business model. We really sort of set the foundation for our understanding of ransomware, why it had become a huge problem for many organizations all around the world. So what do you guys think the future of ransomware is going to be? I know we talked about this a little bit in the paper and it's only been a year, but what do you think is coming next?

>> I think it's just going to keep growing. You're going to see, as we're talking about, more and more people getting into it. And as it becomes more of a thing where it's affecting more people, I think a lot more people are going to start seeing that as a valid way to make money. So you'll see that expand, and I think it's going to get worse with some of the targets, because, as you saw with this year, even before, we're starting to hit places that really can't afford to have their data locked up, like hospitals. At that point, you're holding people's lives for ransom, which is a really horrible thing to do. But you can understand why they would target that, because they really have no choice. They have to get that back and running.

>> Absolutely. And it's a lot easier for an attacker, if they do compromise a hospital, to monetize that intrusion through ransomware than by stealing a bunch of data, trying to find a broker to sell it to, potentially getting arrested because they're selling a whole bunch of PII. This way, they just hold it for ransom, they get their money, and it's a quick and easy transaction.

>> Yeah, definite thing. Until it becomes unprofitable for these adversaries, they're just going to continue to grow and grow and grow. Now, what's kind of curious is if they'll continue to stick with Bitcoin as well. Now you have a whole bunch of other cryptocurrencies out there; Ethereum is a really hot one right now. Will they start switching to different currencies? That might be kind of interesting to see how that drives.
Again, the ransomware industry. And then there's the whole idea of IoT: everything is being connected to the internet now, into the cloud. Now, obviously it's still extremely profitable for adversaries to attack endpoints, but at some point maybe we figure things out and we make it unprofitable for them. Are they going to start attacking IoT?

>> And that's really a good point. With a smart refrigerator, if I compromise that, there's only so much I can do to get money from you. I can't really dox you and sell that you're low on milk or something like that, but if I can shut your compressor down so I'm going to melt your ice cream, I can display a ransom message to you on that screen that people have in the refrigerator sometimes. I might be able to get five or 10 bucks. Just let you keep all your food nice and cold.

>> Or your car.

>> Or your car.

>> You even being able to get in your house, with all the locks now that are software-based, or your lights. Do you want to be able to have your lights turn on at night?

>> And that's what we identified in that paper last year. The ransomware business model can work against anything that you can take control of. You can hold for ransom by displaying a ransom message. You can accept a payment for it. That's a critical step. And you can return the device, the data, whatever it is, back to the victim, because if you don't complete that final step, the victims lose confidence. They don't think they're going to get their data back. Why are they ever going to pay?

>> I think, traditionally, ransomware has been very prevalent in sort of a shotgun targeting approach. Like fire and forget: they don't really care who the victims are, and then they have a large number of victims that they charge low ransoms with. What we have seen developing is deliberate targeting, not necessarily of a specific target but of a vertical such as hospitals. What I think is going to come is hyper-specific targeting.
I think that you're going to find adversaries who are going to very carefully choose targets. They're going to spend time with their intrusion, spend time with reconnaissance and finding out what is valuable to that organization and exactly how they can extort it. And I think that we're going to see that. And, if I'm an organization, I need to understand this is a threat to our face.

>> Brian, at the point you made earlier about potentially changing from Bitcoin to other cryptocurrencies: I think what might drive that, the reason that attackers use Bitcoin beyond the anonymity, is that they need their victims to be able to acquire it, because if grandma can't find a way to get Bitcoin, then she's not going to be able to pay the ransom. So I think if we see a cryptocurrency that evolves and is much simpler for just laymen who might be getting infected to figure out how to acquire it and make a transfer with it, that might take off.

>> I think that from a business perspective also we're going to see businesses start to understand that when they have a risk of getting a ransomware attack, what options do they have? Hey, do we have backups? Yeah. Do we have shredding as restore? Do we know that these work? Can we rebuild it, or are we forced to pay? And I think that you're going to find it becoming commonplace that companies put into their disaster recovery procedures how to get Bitcoins, that they have authorization to get Bitcoins, and to have this part of a written plan.

>> Yep, I think that's already happening. I think there's Bitcoin slush funds out there for IR firms just to prepare, just in case they have to. But backups are absolutely the best way to combat ransomware, because every organization might be impacted; they might have one system that gets compromised. And if you want to ensure you've got safe data, you gotta keep it-

>> I would beg to differ, though. I think that's a good way to recover from a ransomware attack.
I think the best way to combat it is to prevent it in the first place.

>> Absolutely, 100% is a good goal.

>> [LAUGH]

>> You guys have any other thoughts on ransomware you want to share?

>> I still find it really entertaining that they have some of the best customer service.

>> Absolutely.

>> Even more so than a lot of legitimate companies, and they have to, to get paid, but it's just, it's kind of ironic to see that this is a criminal business model and in a lot of cases they're much more responsive and much more helpful.

>> One of the things that I've noticed is that there's a disconnect between physical ransom for kidnapping and logical ransomware. From a legal perspective, in many areas, it's actually illegal to pay a kidnapper. Law enforcement is being quite quiet on the legality of paying ransom. So maybe this is something that we're going to hear more about. Hopefully you found that interesting. Check out the Unit 42 blog for more information on ransomware; we're continuously publishing new data, new information on the threats that we identify.