BrainBlog for Model9 by Jason Bloomberg
Ransomware is a pernicious form of malware that encrypts important files on business systems. The attacker then requests a ransom to be paid in crypto in return for sending the decryption key. However, paying the ransom doesn’t guarantee the attacker will follow through (they are criminal, after all) – and even worse, paying the ransom may be illegal.
Ransomware can target any type of system, and attackers certainly favor the easier ones. One might wonder, therefore, whether they would ever attack a mainframe. Mainframes, after all, are well-protected, more isolated than distributed systems, and leverage proprietary protocols and relatively obscure languages and procedures.
Why, then, would an attacker ever want to target a mainframe? To paraphrase bank robber Willy Sutton: because that’s where the data are.
Understanding the Risk
Today, many mainframe users – even privileged ones – use Windows machines (or other phishing-susceptible computers) to access their mainframe accounts. All it takes is one privileged mainframe user to click on a malicious link and download a keylogger. The next time they log into the mainframe, BAM! The attacker is in.
Attackers will then use any available file transfer protocol to upload their malware to the mainframe and compile it in place. The next step: encrypt as many files as it can – and most importantly, encrypt as many backups as possible as well. Any backup connected to the network is fair game.
Read the entire BrainBlog here.
