Google's VirusTotal reports that 95% of ransomware spotted targets Windows

Google's VirusTotal service shows that 95 per cent of ransomware malware identified by its systems targets Windows. VirusTotal, acquired by Google in 2012, operates a malware scanning service that can be used manually or via an API to analyze suspicious files. The team collected data between January 2020 and August this …

  1. Clausewitz 4.0
    Devil

    Why this Obsession with Ransomware?

    There are other, much more profitable ways to monetize security solutions, that I really do not understand this obsession of the infosec industry with ransomware.

    1. Gene Cash Silver badge

      Re: Why this Obsession with Ransomware?

      Because at the moment lots of people, including some high profile companies, are getting hit with it, and they're paying large ransoms, so it's hitting the news. This is the bandwagon of the moment.

    2. Omidia

      Re: Why this Obsession with Ransomware?

      It’s the scary one right now. It’s that simple.

    3. ronkee

      Re: Why this Obsession with Ransomware?

      It's the breach that will get you sacked most easily. Customers are the ones who are obsessed with making the problem go away and many of them have budget from terrified executives.

    4. doublelayer Silver badge

      Re: Why this Obsession with Ransomware?

      It's a combination of the damage caused and the frequency with which it happens. Both of those operate in multiple ways.

      First, the damage. If your database is cracked and someone makes off with your customer data, that's bad. However, people won't notice, some won't understand the risk, and once you close that barn door, your customers bear the cost while your business goes on. A responsible company will handle that differently, but many don't fear that as much as they should. Ransomware is a much more direct hit on a business, making it hard for them to act, even if they do pay the ransom. Whether they pay the ransom or for people to do a full restore, the money comes out of their wallets in one big transaction, so it's very noticeable.

      Second, a frequency event. The effect of ransomware is a lot like the effect of a fire in the office building, which is why you need off-site backups even if you don't have an ethical objection to paying ransoms. However, companies don't often hear about someone having their office burn down, so it seems remote to them. Ransomware is popular enough that it happens to people a lot and new enough that it gets news coverage when it happens, so people feel like it's a more likely event. That's why ransomware gets attention. It is a real threat, and it is both frequent and understandable for the nontechnical.

    5. Naselus

      Re: Why this Obsession with Ransomware?

      "I really do not understand this obsession of the infosec industry with ransomware."

      It's currently very trendy with attackers. It's much like how in 1940, Londoners became obsessed with German bombers, despite there being other, much more efficient ways to kill people.

  2. Cybersaber

    The hubris of Apple (oops I meant Google)

    Who here remembers all the Apple fans talking about how Macs 'don't get viruses'?

    Google just doesn't learn.

    Also, it's a bit... hmmm dare I say disingenuous in its presentation.

    If 95% of samples submitted are Windows malware, and 95% (for the sake of argument) of the submitters use Windows, then that just makes sense.

    If there are 1,000 viruses submitted, and only 1 affects Chromebooks, well to that I'd point out that SARS-CoV-2 is just one coronavirus out of thousands (millions?) but it's a pandemic. What does the number of viruses for a given platform vs the total written really say about what Google is trying to imply with these numbers?

    This is just a case study of how to lie with facts. I mean nobody's seriously saying that malware authors don't target Windows the most because that's where the money is. That conclusion is fairly uncontroversial... but that statement doesn't say anything useful at all about the security of Chrome, just that they are _currently_ small fry that aren't much bothered with, like Apple used to be. It doesn't make them better or more objectively secure.

    1. Clausewitz 4.0
      Devil

      Re: The hubris of Apple (oops I meant Google)

      Agree. Let's just wait for their market-share to go up a bit and some coders will be eager to target it :-)

      Doesn't matter if it is x86/x64/ARM. If it runs, it can be infected.

      1. CAPS LOCK

        Re: The hubris of Apple (oops I meant Google)

        If it bleeds we can kill it </Arny>

    2. Anonymous Coward
      Mushroom

      Re: The hubris of Apple (oops I meant Google)

      > [ ... ] but that statement doesn't say anything useful at all about the security of Chrome [ ... ]

      Maybe, maybe not, but it confirms says quite a bit about the security of Windows in 2021.

      It was only a matter of a very short time before someone came up with the "Yeah, but Linux | FreeBSD | UNIX | Chrome ..." whataboutism.

      > [ ... ] malware authors [ ... ] target Windows the most because that's where the money is [ ... ]

      They target Windows because (a) it's the most used operating system in the world and (b) it's also the easiest of all to attack successfully.

      Both of which should make Microsoft a tad more conscious about the security characteristics of their operating system. But it doesn't, because Microsoft always has some more future bullshit to sell. It's all about the future. Never mind the present.

      1. Falmari Silver badge

        Re: The hubris of Apple (oops I meant Google)

        @ST "It was only a matter of a very short time before someone came up with the "Yeah, but Linux | FreeBSD | UNIX | Chrome ..." whataboutism."

        The post by Cybersaber is not whataboutism when Google in their report brag about no ransomware attacks on Chrome.

        ""Our Chrome OS cloud-first platform has had no reported ransomware attacks … on any business, education or consumer Chrome OS device," brags Google."

        Hence Cybersaber's comment "but that statement doesn't say anything useful at all about the security of Chrome".

        1. Anonymous Coward
          FAIL

          Re: The hubris of Apple (oops I meant Google)

          > The post by Cybersaber is not whataboutism when Google in their report brag about no ransomware attacks on Chrome.

          Do you have any direct knowledge of ransomware attacks on ChromeOS?

          If you do, please post references here.

          This is precisely what whataboutism is about. Especially when it comes to Windows and Microsoft. They've been peddling pure shit for the past 40 years, and their only defense - if you can call it that - is to trash their competitors' superior products.

          And don't give me the oh, but no-one uses ChromeOS bullshit. It's used quite extensively here in schools - at least here in the US.

          If there was a target that would be quite easy to attack, it would be school children. Generally, at age 12 - 14 or thereabouts, they aren't that savvy about security.

          1. Falmari Silver badge

            Re: The hubris of Apple (oops I meant Google)

            @ST "Do you have any direct knowledge of ransomware attacks on ChromeOS?

            If you do, please post references here."

            I did post a reference, a quote from the article quoting from Google's own report which is what the article was about. I assume you never read the article so here it is again.

            ""Our Chrome OS cloud-first platform has had no reported ransomware attacks … on any business, education or consumer Chrome OS device," brags Google."

            So no ransomware attacks. Now that might be because Chrome is such a secure OS no one has created ransomware for it. Or maybe not much of a ransom can be got for encrypting little Johnny's school Chrome book.

            1. Doctor Syntax Silver badge

              Re: The hubris of Apple (oops I meant Google)

              Chrome is cloud-based. Remember cloud is somebody else's computer, in this case Google's. Little Johnny's school Chrome book might not be a big target but Google's is and little Johnny's Chrome book is one of what's likely the only class of accessible entry point.

          2. Naselus

            Re: The hubris of Apple (oops I meant Google)

            "If there was a target that would be quite easy to attack, it would be school children. Generally, at age 12 - 14 or thereabouts, they aren't that savvy about security."

            I eagerly await hearing about the multi-million dollar payout you manage to secure from Sophie, age 12, after you crypto-lock her 1200-word essay on why she enjoyed reading Black Beauty.

          3. RyokuMas
            FAIL

            Re: The hubris of Apple (oops I meant Google)

            "If there was a target that would be quite easy to attack, it would be school children."

            ... but where's the money in that?

            Spend six months designing malware that targets an OS that is mainly used by school children who have a few quid a week in pocket money (and that, by virtue of not having to support aging systems, can afford to implement better security), or spend six weeks building malware that targets businesses that make thousands of pounds per day and have old legacy systems to support that block security updates...

            I know which would be the smarter time investment.

      2. doublelayer Silver badge

        Re: The hubris of Apple (oops I meant Google)

        It seems to me that the "Linux | FreeBSD | UNIX | Chrome ..." whataboutism is mostly coming from you. Albeit the reverse of what you're claiming to see, but still. You assume that Windows is being attacked because it's "the easiest of all to attack successfully" without much evidence. And it's basically wrong. Nothing stops ransomware working on Linux. It would work pretty well, since there isn't much difference in disk protection between Windows and Linux. Mac OS does have stronger disk sandboxing inside user accounts, and that could help if it wasn't broken by Apple's mistakes, but neither Linux nor Windows have that.

        A properly-run Windows network will be good at blocking or recovering from an infection just like a well-run Linux network. The OSes have differences in security, and I generally prefer Linux's model, but it doesn't make it immune or even distinctly better. An attacker who wants to hit you and knows you have a Linux setup can take on that challenge. To claim otherwise is likely to lead to problems.

        1. Anonymous Coward
          Facepalm

          Re: The hubris of Apple (oops I meant Google)

          > A properly-run Windows network will be good at blocking or recovering from an infection just like a well-run Linux network.

          You do not have even a minimal, cursory understanding of Windows' attack vector. Which is typical of Windows users and administrators.

          The only way of making your Windows computer somewhat secure is by not connecting it to any network. At all. And by never installing any applications. Not even from a memory card.

          Anti-virus software will not protect your computer. It's a perpetual catch-up game. The anti-virus software is on the losing side.

          Not even Microsoft can come up with anti-virus software that secures their OS. Windows Defender is one of the worst anti-virus software available. It misses half of what any other anti-virus will catch.

          Windows' security is broken by design, and it is not fixable without a major redesign.

          https://www.forbes.com/sites/daveywinder/2021/09/11/the-inconvenient-truth-about-windows-11-malware/.

          That's just one article. There are plenty.

          1. doublelayer Silver badge

            Re: The hubris of Apple (oops I meant Google)

            Windows has lots of problems. I would never deny that. Your demonization of it, however, is hyperbolic and therefore inaccurate. Your comparative idolization of alternatives is likewise flawed. Windows is attacked very often for one very important reason: that's where the users and data are found. Getting a user to execute a binary is a great insertion mechanism. Despite your assertions, you can block them from doing so and you can restrict what that binary can do, but many administrators do not. Since most users are on Windows, the attackers go against Windows. The problem with comparing them is that you can also mail a Linux user a binary. They can also run it unless the administrators have restricted their actions. It can do similar things if you do run it. Bugs allowing privilege escalation have been found in both systems, for example. Exactly how the various things are done will differ between platforms, but both can be attacked in similar ways.

          2. AlbertH

            Re: The hubris of Apple (oops I meant Google)

            > Windows' security is broken by design, and it is not fixable without a major redesign.

            ....Actually, it's just NOT possible to secure at all. That's the way the NSA wanted it, and the fundamental corporate inability of MS to understand the real nature of the problem ensures that it'll never be fixed.

          3. Cav Bronze badge

            Re: The hubris of Apple (oops I meant Google)

            Ridiculous bias and plain wrong.

        2. Paul Crawford Silver badge

          Re: The hubris of Apple (oops I meant Google)

          > A properly-run Windows network will be good at blocking or recovering from an infection just like a well-run Linux network

          Alas, how many of either have you ever seen in the wild?

          While the Windows kernel security is pretty much on a par with Linux, MS has the problem of being the world's favourite target due to its extent, and they are also responsible for Office and all of its weaknesses for malware-in-a-document due to macros and miscellaneous complexity, as well as lots of legacy stuff they can't (or won't) fix securely.

          Thankfully the whipping-boy standard of Swiss-cheese security, Adobe Flash, is no longer in common use!

        3. Anonymous Coward
          Anonymous Coward

          Re: The hubris of Apple (oops I meant Google) @doublelayer

          It seems to me that the effect of ransomware is more down to the implementation of security in organizations, rather than the possible security of the OS.

          The thing about ransomware is that it can be damaging to an organization even if the person cursed with running it has no escalated privilege.

          This is because it can encrypt all the files that the victim has access to. The OS on the system it's running on could be completely secure, but if the storage model, especially for network shares is fairly flat, then all the data that the victim has access to is at risk.

          I'm not dis'ing all Windows admins, but I've too frequently found that ordinary users have write access to waaay more data on a corporate network than they need for their job. Where I work, my ordinary, non-privileged user account has access to most of the design documentation, a lot of operational procedures, system monitoring information, code repositories and a fair amount of project tracking information.

          If ransomware got in, all of this data would be at risk, although the chances of that are pretty minimal because of the nature of the business and the lack of connectivity of the core systems to the outside world. There is a pretty robust offline backup regime not running on the same technologies as the office systems (segregation of technologies has always been a wise policy IMHO) as well.

          I have also worked in other organizations where access is well locked down by proper well thought out policy, and my account, while still having access to some important data, could not access files from other projects and teams at all unless I was explicitly given access. If ransomware got into one of those environments, it would have been embarrassing, but not a business stopper.

          Of course, if ransomware managed to get itself run by a user with escalated privileges, then all bets are off.

      3. Cybersaber

        Re: The hubris of Apple (oops I meant Google)

        There was no 'whataboutism' in my post. I didn't say 'well what about Google.' or bring up any vendor or facts not listed in the article. Google stated specific facts, then heavily implied conclusions not supported by those facts. This was the meat of my 'how to lie with facts' comment.

        Fact:

        Chrome malware is rare to nonexistent.

        Heavily implied conclusion:

        This means chrome is more secure (unsupported by the facts. Absence of evidence is not proof.)

        Historical parallel drawn by me:

        Apple's ancient claims to similar effect because at the time they were a bit player like chrome and weren't worth the effort. That changed, and there is Mac malware now.

        No 'whataboutism' because I wasn't saying 'what about Apple' nor 'what about microsoft.'

  3. slicepaint

    Thanks, Captain Obvious.

    In other news: water is wet, sky is blue.

  4. Lorribot

    Google are muppets.

    Chromebooks are generally used in education and by individuals, Ransomware long gave up on those as they sought more profitable targets like businesses.

    Google is just a stupid self-promoting company that is more akin to these hackers in the way they steal people's data and use it for their own benefit than the poor hapless business dealing with ransomware.

    It would be nice if Google would say they have moved solely to Chromebooks in their business and I suspect that it would perk up some interest in Chromebook hacking techniques and ransomware as many groups would seek the ultimate prize of G suite offline due to ransomware.

  5. yetanotheraoc Silver badge

    How VirusTotal works

    You go to the website and click the button, then choose the file to upload.

    I posit if they have a ChromeBook, only a tiny fraction of users will be able to complete the second step.
