How attackers are using Shodan.io and Hydra to spread ransomware for fun and profit

Ransomware is essentially malware that encrypts data and holds the key for ransom. Organizations that find themselves victims of ransomware must either pay the ransom (typically several thousands of dollars in the form of cryptocurrency, which can present its own challenges), lose their data, or restore from backup (if they have one). For the attackers, it’s a profitable venture with little risk, and there’s no hint yet that it’s going to slow down. Ransomware damages have risen from an estimated $325 million in 2015 to $5 billion in 2017 and are estimated to climb to $11.5 billion in 2019. For the intended victims, it’s critical to understand the threat and take reasonable measures to defend yourself and your organization.

One attack surface that seems to be gaining popularity with attackers, and that is very easy to close, is Remote Desktop exposed directly to the Internet with no controls to prevent or even detect brute force attacks. Nathan Underwood will be giving a talk at DC770 demonstrating how easy it is for attackers to find and exploit systems with Remote Desktop exposed, and offering some mitigations, including using a VPN, strong passwords, account lockouts and alerting when a potential threat is detected. This talk won’t go into the details of cryptocurrency or of the various types or strains of ransomware. It will focus on the Hydra online brute forcing tool, on one method by which attackers chain tools together to identify and qualify potential targets and then easily exploit them for fun and profit, and on some of the easy ways organizations can protect themselves from this threat.
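The alerting mitigation named above, as an added example (not from the talk or the original post): a sliding-window detector that flags a source address after repeated failed Remote Desktop logons and raises a second, higher-priority alert if that same source then logs on successfully. The CSV field layout, the threshold of 5 failures and the 2-minute window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, not real logs: time,event_id,logon_type,source_ip,account
# (an assumed CSV export of Windows Security events; the field layout is hypothetical).
SAMPLE = """\
2019-03-01T02:00:00,4625,3,203.0.113.50,administrator
2019-03-01T02:00:04,4625,3,203.0.113.50,administrator
2019-03-01T02:00:09,4625,3,203.0.113.50,administrator
2019-03-01T02:00:10,4625,10,198.51.100.7,alice
2019-03-01T02:00:13,4625,3,203.0.113.50,administrator
2019-03-01T02:00:18,4625,3,203.0.113.50,administrator
2019-03-01T02:00:40,4624,10,198.51.100.7,alice
2019-03-01T02:00:55,4624,10,203.0.113.50,administrator
"""

# 4625 = failed logon, 4624 = successful logon. Logon type 10 is RemoteInteractive
# (RDP); type 3 is what a failed RDP attempt is logged as when NLA is enabled.
RDP_LOGON_TYPES = {"3", "10"}

def detect(lines, threshold=5, window=timedelta(minutes=2)):
    """Return (kind, source_ip, account, time) alerts; threshold/window are assumed values."""
    recent = defaultdict(deque)  # source IP -> timestamps of failures inside the window
    flagged = set()              # sources that already crossed the threshold
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, event_id, logon_type, src, user = line.strip().split(",")
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[src]
            q.append(when)
            while when - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute-force", src, user, ts))
        elif event_id == "4624" and src in flagged:
            # A success from a source that was just guessing passwords is the
            # alert that matters most: treat the account as compromised.
            alerts.append(("success-after-brute-force", src, user, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE.splitlines()):
        print(alert)
```

Logon type 3 also covers non-RDP network logons such as file shares, so on a real host that filter admits more than Remote Desktop traffic.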

Misc / Errata
– The cost of ransomware – https://www.csoonline.com/article/3237674/ransomware-damage-costs-predicted-to-hit-115b-by-2019.html
– What is Ransomware – https://en.wikipedia.org/wiki/Ransomware , https://www.csoonline.com/article/3212260/the-5-biggest-ransomware-attacks-of-the-last-5-years.html
– What is cryptocurrency – https://en.wikipedia.org/wiki/Cryptocurrency
– DC770 – https://dc770.org
