{"id":1299,"date":"2018-02-16T10:52:03","date_gmt":"2018-02-16T14:52:03","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=1299"},"modified":"2018-02-16T10:52:03","modified_gmt":"2018-02-16T14:52:03","slug":"week-february-16-2018-ransomware","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/","title":{"rendered":"This Week\u2014February 16, 2018\u2014In Ransomware and Nation-States"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1301\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod.png\" alt=\"ransomware nation-state actors\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod.png 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod-300x150.png 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod-768x384.png 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod-540x270.png 540w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod-162x81.png 162w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod-360x180.png 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The concept of the nation-state hacker has fundamentally changed the conversation about <\/span><a href=\"https:\/\/solutionsreview.com\/endpoint-security\/3-things-know-digital-extortion\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">ransomware<\/span><\/a><span style=\"font-weight: 400\">, digital 
threat actors, and cybercrime in general. Where once the imagined spectre of the hacker was of a basement-dweller in a black hoodie stealing for their own benefit, now it is of a government funded and trained attacker specifically hacking their nation\u2019s enemies. Cybercrime has become a proxy battlefield for <\/span><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-north-korean-digital-crimewave-affects-enterprise\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">international conflicts<\/span><\/a><span style=\"font-weight: 400\">\u2014conflicts where damage can be inflicted with minimal if any recourse available to the victim nation-state. \u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Now every ransomware attack is clouded with the suspicion of a nation-state behind it, seeking to cause disruption. This week in particular saw plenty of headlines with this very theme connecting them. 
Here are the 2 you need to be most aware of: <\/span><\/p>\n<h3 style=\"text-align: justify\"><b>White House Announces Russia Behind NotPetya <\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Yesterday, the Trump Administration confirmed that the <\/span><a href=\"https:\/\/solutionsreview.com\/identity-management\/stop-ransomware-wannacry\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">NotPetya<\/span><\/a><span style=\"font-weight: 400\"> ransomware epidemic from 2017 came from Russian intelligence agencies. Authorities from the United Kingdom had already made similar allegations. In its statement, the White House claimed Russia\u2019s motivation was to destabilize the Ukraine and that there would be \u201cinternational consequences.\u201d <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The promise of international consequences is of particular note; part of the motivation for nation-state actors taking to the web for their strikes against others is that no country would risk physical confrontation over a ransomware attack. Therefore, it will be interesting to see if, and how, any consequences manifest. Possibly they could take the form of a retaliatory cyberattack against Russia in an eye-for-an-eye approach. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The NotPetya episode also shows how diverse ransomware can be in its aims and in the kinds of damage it can inflict on nation-states. NotPetya was not as interested in obtaining money as it was in deleting critical data, disrupting businesses, and damaging infrastructure in the Ukraine and around the globe. 
<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>North Korean Ransomware Spun Out of Control<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Much of the collateral damage from the attacks originating in North Korea\u2014including WannaCry, Faedevour, and JML Virus\u2014was due to the malware spreading out of their creators\u2019 control. Research from SIEM vendor <\/span><a href=\"https:\/\/www.alienvault.com\/blogs\/security-essentials\/north-korean-cyber-attacks-and-collateral-damage\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">AlienVault<\/span><\/a><span style=\"font-weight: 400\">, analyzing anonymized data collected from their clients, identified commonalities between the attacks and concluded that they all resulted in more harm than was most likely intended. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This is one of those conundrums we\u2019re going to have to prepare for in cybersecurity: once ransomware is out in the wild, it will continue to change hands and evolve in new and possibly more perilous directions; AlienVault noted in a <\/span><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/key-findings-alienvaults-open-threat-exchange-platform-reports-exploits\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">previous report<\/span><\/a><span style=\"font-weight: 400\"> the recurrence of older ransomware families and exploits. Nation-state threat actors are creating ransomware without thinking of the consequences\u2014they see it as a blank check for proxy wars\u2014but those consequences will be difficult to predict and difficult to properly secure against. 
Without some kind of international regulation dictating nation-state behavior online, ransomware could spiral out of control and cybersecurity teams could be scrambling to protect against attacks from their own countries&#8230;if they aren\u2019t already.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The concept of the nation-state hacker has fundamentally changed the conversation about ransomware, digital threat actors, and cybercrime in general. Where once the imagined spectre of the hacker was of a basement-dweller in a black hoodie stealing for their own benefit, now it is of a government funded and trained attacker specifically hacking their nation\u2019s [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":1301,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[3],"tags":[175,95,145,112,536,548,57],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>This Week\u2014February 16, 2018\u2014In Ransomware and Nation-State Actors<\/title>\n<meta name=\"description\" content=\"Now every ransomware attack is clouded with the suspicion of a nation-state behind it, seeking to cause disruption. 
This week saw headlines with this theme.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"This Week\u2014February 16, 2018\u2014In Ransomware and Nation-State Actors\" \/>\n<meta property=\"og:description\" content=\"Now every ransomware attack is clouded with the suspicion of a nation-state behind it, seeking to cause disruption. This week saw headlines with this theme.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-16T14:52:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/\",\"name\":\"This Week\u2014February 16, 2018\u2014In Ransomware and Nation-State Actors\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod.png\",\"datePublished\":\"2018-02-16T14:52:03+00:00\",\"dateModified\":\"2018-02-16T14:52:03+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Now every ransomware attack is clouded with the suspicion of a nation-state behind it, seeking to cause disruption. 
This week saw headlines with this theme.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod.png\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod.png\",\"width\":800,\"height\":400,\"caption\":\"ransomware nation-state actors\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"This Week\u2014February 16, 2018\u2014In Ransomware and Nation-States\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\",\"description\":\"Buyer&#039;s Guide and Best 
Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"This Week\u2014February 16, 2018\u2014In Ransomware and Nation-State Actors","description":"Now every ransomware attack is clouded with the suspicion of a nation-state behind it, seeking to cause disruption. 
This week saw headlines with this theme.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/","og_locale":"en_US","og_type":"article","og_title":"This Week\u2014February 16, 2018\u2014In Ransomware and Nation-State Actors","og_description":"Now every ransomware attack is clouded with the suspicion of a nation-state behind it, seeking to cause disruption. This week saw headlines with this theme.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","article_published_time":"2018-02-16T14:52:03+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod.png","type":"image\/png"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/","name":"This Week\u2014February 16, 2018\u2014In Ransomware and Nation-State Actors","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod.png","datePublished":"2018-02-16T14:52:03+00:00","dateModified":"2018-02-16T14:52:03+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Now every ransomware attack is clouded with the suspicion of a nation-state behind it, seeking to cause disruption. 
This week saw headlines with this theme.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod.png","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/02\/ransomware-2-mod.png","width":800,"height":400,"caption":"ransomware nation-state actors"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/week-february-16-2018-ransomware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"This Week\u2014February 16, 2018\u2014In Ransomware and Nation-States"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","description":"Buyer&#039;s Guide and Best 
Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1299"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=1299"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1299\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/1301"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=1299"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=1299"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=1299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}