Like most cybercriminal activities, ransomware attacks are primarily about one thing – financial gain for the hackers.
The global ransomware attack of May 2017 played a significant part in moving the term “ransomware” into the mainstream lexicon. In the UK, the attack’s impact on the National Health Service was what grabbed most of the headlines, but the same attack also impacted operations for a host of other global organisations, including Renault, FedEx and China’s National Petroleum Corporation.
While plenty of the organisations affected clearly hold huge bodies of data, there’s little to indicate that May 2017’s attack was ever intended to target specific silos of “big data”. It seems that it was more of an opportunistic attack that spread wherever it could – often due to shortcomings in various companies’ internet security strategies and system patching regimes. However, there’s plenty of evidence to suggest that there will be future ransomware attacks that are more targeted – and companies sitting on vast bodies of big data are an inevitable target.
Servers running systems such as MongoDB and HDFS (Hadoop Distributed File System) are commonly deployed in cloud environments that store large amounts of information related to the world of big data. HDFS instances can contain up to 5120 terabytes of data, and a recent report suggests that there are around 5000 of them connected to the public web.
Scarily, studies have shown that poor IT security practices are leaving plenty of these systems wide open to ransomware attacks. In many cases, the mistakes being made are as basic as system admins failing to password-protect the systems. And these are systems hosting big data for purposes such as “finance and search”. Ransomware tends to spread through various channels, including phishing emails, email attachments and infected programs, any of which can appear as a legitimate, clean email or piece of software to employees.
Going back to the initial point about hackers often being motivated by money, it’s self-evident that they could potentially extract far more ransom money were they to gain access to data of this nature and cut off its owners’ access to it. A targeted ransomware attack on big data would surely be far more lucrative than the global attack of May 2017. Headline-grabbing though this was, the sum the hackers eventually extracted from their Bitcoin wallets was surprisingly paltry.
While big data is an inevitable and desirable target for hackers, its nature also means it can play a part in fighting back against ransomware. At least that’s what security researchers hope.
The traditional method of fighting against ransomware, and indeed other computer viruses, has always been a definition-based game of cat and mouse. All it takes is for hackers to be one step ahead of a company’s chosen Internet security vendor, and they can infect a system with something the antivirus solution doesn’t know about yet.
However, with big data added to the equation, companies can do far more to fight back. The sheer volume of information that companies involved in big data process makes it possible to spot patterns of malicious activity far sooner.
If companies in the world of big data make efforts to analyse all the data they have and collaborate with other players, they can strengthen their position. By pooling information on threats, rogue domains and suspicious IP ranges, they can – at least in theory – make the cat and mouse game far harder for the criminals.
So, we arrive at a place where big data becomes both a target for hackers and a threat to them. The years ahead will no doubt prove interesting.