Spread of Ransomware: Weak Passwords
Alpha Bundu
Old Dominion University

Abstract

Just as technology adapts and changes at a fast rate, so do the techniques that cyber criminals use to attack systems. The introduction of new technology also introduces new opportunities for cyber criminals to strike. It is the yin and yang of the cyber-security world, and it creates challenges that cyber-security professionals have to overcome. Weak passwords have always been an issue in cyber-security, especially where access control is concerned, mainly because they are easy targets for many different attacks. Recently, cyber criminals have found a new way to exploit weak passwords: combining known attacks like brute force with a type of malware called ransomware. Ransomware is defined as a form of malicious software that is designed to restrict users from accessing their computers or the files stored on them until they pay a ransom to cyber criminals. Brute-force and remote desktop attacks have become the most common means by which cyber criminals spread ransomware, surpassing phishing emails and spam as the top technique. Many high-profile incidents show the damage that can be done when a whole system is encrypted. Ransomware attacks have grown into a huge issue, and weak passwords are now aiding in the distribution of ransomware.

Recently ransomware has gained a lot of attention in the cyber-security world. Ransomware is defined as a form of malicious software that is designed to restrict users from accessing their computers or the files stored on them until they pay a ransom to cyber criminals. There are three different types of ransomware used by attackers, but only two of the three are actually used against businesses: the ransomware that simply locks users out of their computers, and the ransomware that locks users out and encrypts all the data on the system. The form of payment that cyber criminals prefer is cryptocurrency such as Bitcoin. According to Kethineni, S., Cao, Y., & Dodge, C. (2018), “The seemingly invisible nature of this cryptocurrency makes it difficult to identify who is using them and what they are buying” (p.4). Many organizations will pay the ransom while never disclosing the fact that they were attacked. For a major company, an attack like this can bring bad publicity and cripple the organization’s reputation and stability.

Ransomware was introduced in 1989, but it wasn’t until 2012 that ransomware spread worldwide. The U.S. Department of Justice described ransomware as a new model of cyber-crime with the potential to cause impacts on a global scale. Palozza, F. (2018, October 15) explained “that the annual ransomware-induced costs, including the ransom and the damages caused by ransomware attacks, are most likely to shoot beyond $11.5 billion by 2019” (p.1). There is a long list of damages that ransomware can cause after an attack. The impacts include loss or destruction of crucial information, business downtime, productivity loss, business disruption in the post-attack period, damage to hostage systems, data and files, and loss of reputation for the victimized company. The global introduction of ransomware has had a huge impact on the daily operation of many businesses.

The distribution method of ransomware used by cyber criminals was once only email phishing. Now cyber criminals have developed a new method for the spread of ransomware: the systematic attack of weak passwords. Cyber-security professionals are no strangers to the dangers of weak passwords. No matter how much education is given to end users about the importance of secure passwords, this issue never seems to vanish. Users still use passwords like name123 or fluffy123, or, even worse, a password like 123456. Weak passwords create a vital opportunity to breach a large system, and cyber criminals are now using this as a way to spread ransomware. According to Traina, L. (2016), “And not only do people use simple, weak passwords, but they also often use the same one for everything, further magnifying the risk” (p.60). This new method of incorporating weak passwords into a ransomware attack is conducted as a two-phase operation that works efficiently.

The first phase of this method is to figure out the password of every user within an organization. The cyber criminal first uses two widely known attacks: the brute-force attack and the Remote Desktop Protocol (RDP) attack. According to Palmer, D. (2019, September 12), “brute-force attacks are the primary choice for hackers because it works, we’re seeing that there is an abundance of accounts that have way too many insecure and weak passwords” (p.1). A brute-force attack targets one user name and tries millions of password combinations until a correct match is found. RDP attacks are conducted the same way: the attacker tries to guess usernames and passwords in order to gain access to remotely controlled endpoints.

Once the attacker has gained access to the system, they can infect it with their ransomware. Six phases take place during a ransomware attack; once the attackers are in the system, they are at stage 2, penetration. Next comes fortification, in which protective assets are compromised; then the infiltration stage begins, in which the attacker gathers and compromises high-value targets. The second-to-last stage is spoliation, where the attacker alters documentation and reduces the effectiveness of restores. Finally, the attacker encrypts everything, wipes archives, and issues the ransom demands. At this point there is very little the organization can do but follow and fulfill the demands of the attacker. These large compromises, which have such a negative impact on an organization, can stem from something as simple as a weak password. Weak passwords, an issue in their own right, show no real sign of ever going away or correcting themselves, which increases the appeal of this method of spreading ransomware to cyber criminals.
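The password-guessing phase described above is the earliest point at which a defender can catch this chain, before penetration and the later stages begin. The following Python script is an added example, not part of this paper: it reads authentication log lines from an RDP gateway and a NAS device and flags sources whose failed logins cluster in a short window, noting whether a success followed the burst. The syslog-like line format and the sample entries are constructed for this example and do not come from any specific vendor.

```python
# Added example (constructed log format and sample lines): flag password-guessing
# against remote logins, the first phase of the attack chain described in the text.
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample: one source sprays usernames at an RDP gateway, one guesses a
# single NAS admin account until it succeeds, and one is an ordinary user login.
SAMPLE_LOG = """\
2019-09-12T08:00:01 rdp-gw auth: FAILED user=administrator src=203.0.113.7
2019-09-12T08:00:02 rdp-gw auth: FAILED user=admin src=203.0.113.7
2019-09-12T08:00:02 rdp-gw auth: FAILED user=backup src=203.0.113.7
2019-09-12T08:00:03 rdp-gw auth: FAILED user=scanner src=203.0.113.7
2019-09-12T08:00:04 rdp-gw auth: FAILED user=jsmith src=203.0.113.7
2019-09-12T08:01:00 nas01 auth: FAILED user=admin src=198.51.100.9
2019-09-12T08:01:30 nas01 auth: FAILED user=admin src=198.51.100.9
2019-09-12T08:02:00 nas01 auth: FAILED user=admin src=198.51.100.9
2019-09-12T08:02:30 nas01 auth: FAILED user=admin src=198.51.100.9
2019-09-12T08:03:00 nas01 auth: FAILED user=admin src=198.51.100.9
2019-09-12T08:03:30 nas01 auth: SUCCESS user=admin src=198.51.100.9
2019-09-12T08:05:00 rdp-gw auth: SUCCESS user=mlee src=192.0.2.5
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>FAILED|SUCCESS) "
                     r"user=(?P<user>\S+) src=(?P<src>\S+)$")

def parse(log_text):
    """Turn matching lines into event dicts; lines in other formats are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events

def detect_guessing(events, threshold=5, window=timedelta(minutes=10)):
    """Map each source whose failed logins reach `threshold` inside `window` to a
    summary; a SUCCESS from that source after the burst starts marks a likely hit."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e["result"] == "FAILED"]
        for i, first in enumerate(fails):
            if len([e for e in fails[i:] if e["ts"] - first["ts"] <= window]) < threshold:
                continue
            hit = any(e["result"] == "SUCCESS" and e["ts"] >= first["ts"] for e in evs)
            alerts[src] = {"failed": len(fails), "distinct_users": len({e["user"] for e in fails}),
                           "success_after_burst": hit}
            break  # one alert per source is enough
    return alerts
```

A high distinct_users count points at username spraying against a gateway, while a single account with a success after the burst is the "guess hit" case the NAS warning describes and deserves the fastest response.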

Ransomware attacks have more than doubled since 2018, and new strains are being produced. SamSam is a new strain that has attacked hospitals, transportation systems, government institutions, companies and individuals. One of the most recent SamSam attacks took place in Indiana, where the regional hospital Hancock Health was breached. Hancock Health had to pay $55,000 in 4 bitcoins to the attackers in order to get its information back. A Network Attached Storage (NAS) vendor was warned to watch out for password ransomware attacks because affiliated companies of the vendor were also compromised. According to Naked Security (29 July 2019), “the campaign involves trying lots of commonly used passwords on internet-connected NAS boxes. The attackers hope that eventually they’ll hit on a password that allows them the access necessary to encrypt the data on it” (p.1). At first the company thought the breach might have come from a vulnerability in the system. After a long analysis of the ransomware, they realized that the attacker was using a simple brute-force attack.

Ransomware has always been a problem in cyber-security, and the same goes for weak passwords. Recently the combination of brute-force attacks and ransomware has become a huge problem. The number of attacks has doubled because using weak passwords to gain access to a system is simple and easy. Many end users and organizations still use default passwords or create weak passwords. Cyber criminals see the value in weak passwords because the issue is here to stay, allowing them to become more creative in developing and executing their attacks. Many different industries and organizations have fallen victim to this type of ransomware. Billions of dollars have been paid to cyber criminals, and the year hasn’t even ended yet. As more organizations become more technology-based, new opportunities for compromise will emerge. Organizations need to spend more money on cyber-security to help build awareness within the organization. The issue of weak and default passwords should be broadcast to everyone. Spending more money on cyber-security in order to protect the organization is a minor price to pay compared to being breached.