The Evolution of Ransomware
Posted by: Tristan Morris
A Voyage Beyond the Horizon is a speculative exploration of possible scenarios that could be brought about if current technologies and security issues aren’t addressed. While the following short story may be far-fetched and unlikely, it’s inspired by our conversations with Drew Schmitt, Practice Lead, GRIT and Mark Lance, VP, DFIR & Threat Intelligence with GuidePoint Security, and the issues they believe are important to address in the next one to five years. Listen to Mark and Drew’s thoughts below the short story.
Maria and Jake Sanders had just sat down to dinner with their children when there was a knock at the door.
“Well, who could that be at this hour, Jake? Do you think something could be wrong?” Maria started to fold her napkin and stand when Jake pushed away from the table.
“Don’t worry, honey. I’ll take care of it. It’s probably nothing, you had a long day at the office and I won’t see this meal go cold before you and the kids get a chance to eat some.”
Jake opened the door to see a friendly-looking man in a brown tweed suit standing on the front porch. The man started talking almost as soon as there was an opening big enough to see through, and before Jake could even begin to ask what he needed.
“Well hello there, would you happen to be Jake Sanders? I was just passing through the neighborhood and had a most interesting discussion with your neighbors the uh.. uh..” The man spun his hand in the air in front of himself as though trying to reel in a line that would have the neighbor’s last name attached.
“Henrys?”
“The Henrys! Yes! I was just talking to the Henrys and they said I should come and speak to you as soon as we finished our conversation. You see, it seems the Henrys recently had quite a scare and–May I come in? Thank you.” The man stepped into the house before he had finished his question. “As I was saying, the Henrys had quite a scare recently and they told me that they were worried about..”
“Hold on, sir. I don’t even know your name, even though you seem to know mine.”
“Oh, of course, how could I be so rude!” The man made a sharp, barking kind of sound that Jake assumed was supposed to be taken as a jovial and apologetic laugh. “My name is Charles Sinclair, it’s a pleasure to meet you.” Jake took the hand Charles extended, and Charles continued to talk as though he’d never been interrupted. “Like I was saying, I was speaking with the Henrys about a dreadful fright they had just last week. Did you know that their little boy was ransomed? Oh yes! Happened while he was at school; got a buzz on his wrist and a text threatening to delete the last six years of school from his memory if they didn’t pay a handsome fee! Can you believe that?”
Maria walked around the corner. “Jake, what is happening up here, dear? Aren’t you going to come back to dinner?” She stopped short when she saw the stranger in the foyer. “Oh, I didn’t know we had company, would you care to join us?”
“Oh now honey, I don’t think that would really be necess–” Jake tried to cut the offer off, but Charles was already walking into the dining room.
“Well I’d love that, thank you very much!”
At the dinner table, Charles recounted the story of the Henry’s terrible plight, to Maria and the children’s shock. “So you see, it’s a good thing I was passing through because I just so happen to be a purveyor of insurance for just such an incident!”
“I knew it, you’re a salesman. Thank you for stopping by, but we aren’t interested.” Jake stood to show Charles to the door.
“Oh but Jake, don’t you think we should hear him out? If it happened to the Henrys’ boy it could happen to Tim or Emily just as easily!”
“Now there’s a sensible opinion!” Charles immediately opened his briefcase and pulled out a series of pamphlets to distribute to each seat at the table. “Now, when it comes to your personal information and your children, you have to think about the value you’re willing to put on it. We have packages for every budget, but it’s so important to consider what the impact of a ransomware incident could be on your life if it were to target, say, your research for work. Or how far back it could set little Tim or Emily if they lost a year or two of education!”
“Our cheapest plan is the Bronze tier, and it covers your basic scenarios. It only kicks in for life-crucial data and doesn’t cover any personal memories, thoughts, or opinions. Any ransom over $10,000 will be covered but anything before that you’ll need to cover yourselves. Also anything over $25,000. Almost no one gets the Bronze package, unless they have absolutely no choice. And you don’t seem like Bronze-tier family to me. No, I think you’re at least a Gold-tier family, maybe even Titanium!”
Jake tried to jump in to cut off Charle’s pitch, but he kept barreling right through.
“At the Gold tier, we’re offering almost all-encompassing coverage of all your knowledge, memories, and experiences. For this tier the upper payout is a whopping two million dollars and your deductible would only be $500 per occurrence. We can also offer 24/7 support and negotiations with the ransomers to try to recover your most vital information before the ransom is paid, and the coverage also extends to any indirect impacts like identity theft and personal reputation management. There are some limits and addendums but if those are of any concern then I would highly recommend a jump up to our Titaniu–”
“Thank you, that’s enough, Mr. Sinclair,” Jake said as he stood up from the table. “We were just sitting down to dinner and now our meal is already cold. I speak with the Henrys almost every day and they haven’t mentioned anything about a ransom on their son’s information, and I’m sure they would if it had happened. I would appreciate it if you would leave us be.”
Charles assumed a dejected look that would seem to communicate embarrassment and sorrow if it had been on any other face. “Well then. If that’s how you feel, I’ll just leave my card and be on my way.” He stood and walked to the door, pausing before he passed into the hall, “Think about what I’ve offered, won’t you, Maria?”
Tristan Morris
Cybersecurity Solutions Marketer,
GuidePoint Security
Tristan Morris started his cybersecurity career in 2010 as a cryptologic linguist in the US Marine Corps, where he learned the fundamentals of security and threat hunting. At the end of his enlistment in 2015 he began using his skills, knowledge, and perspective to build training and education labs and CTF events by re-creating advanced attack lifecycles to construct realistic datasets for lab attendees to hone their skills. He has spoken at large security conferences and events from Black Hat to Singapore International Cyber Week.