By SecureWorld News Team
March 23, 2017 • 1:20 PM

Cisco Senior Security Researcher Brad Antoniewicz often gets asked whether those who take people’s computers hostage with ransomware actually hold up their end of the bargain and decrypt files when victims pay by bitcoin.

“They’re in it to make money… Good customer service is important to these people,” he said, and not at all tongue in cheek, during his lunchtime address on the opening day of SecureWorld Boston this week.

Antoniewicz, sporting a RUN DNS t-shirt reflecting his position with the Cisco Umbrella (formerly OpenDNS) team, dove into the topic of ransomware variants like Cerber as part of a broader talk on “An Anatomy of an Attack” and the elaborate ecosystem behind cyberattacks.

As he relayed, what starts as something seemingly simple, like the infiltration of a WordPress blog, often has much more serious consequences when you follow the “exploit kit infection chain.”

In the example Antoniewicz shared, a blog showed up normally for Chrome browser users, but in the form of an error message when accessed via Microsoft Internet Explorer.

“Somehow an error message is being spawned by another process outside the browser,” he said. “This is a pretty bad situation.”
