Ransomware , Technology

Battling Ransomware With Crowdsourced Threat Intelligence

Ransomware Gangs' Profits Still Booming, Say AlienVault Security Researchers
AlienVault's Javvad Malik and Chris Doman

It's boom time for the ransomware business as criminals continue to make easy cryptocurrency paydays via crypto-locking attacks.

"It makes perfect sense for a criminal - it's low risk ... and you're looking at a decent return rate on it, so it's a very attractive model. And we're seeing a lot more really organized cybercriminals really getting into that," says Javvad Malik, a security advocate at AlienVault.

Criminals are also diversifying into new business models, including open source ransomware and ransomware as a service, he adds.

To help battle these attacks, gathering and sharing threat intelligence is more critical than ever, says Chris Doman, a security researcher and threat engineer at AlienVault

"Ransomware is seen by so many people," Doman says, meaning that organizations that get hit first can alert others. "We found that one of our users had actually found the earlier version of WannaCry, which came out about a month before the one that hit the world really big. Bbefore the worm version, there was a smaller version."

In a video interview at the recent Infosecurity Europe conference in London, Malik and Doman discuss:

  • The ransomware business model;
  • Techniques for detecting breaches faster;
  • AlienVault's Open Threat Exchange.

Malik, a video blogger, formerly was a senior analyst with 451 Research, providing technology vendors, investors and end users with strategic advisory services.

Doman works primarily on the AlienVault Open Threat Exchange OTX. His previous positions include working as a consulting analyst for Vectra Networks and on cyber threat detection and response for PwC. He runs the threat intelligence portal ThreatCrowd.org in his spare time.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network