When you go to watch a Netflix movie, you'd think the only hostage situation you may encounter would be played out on big screen. Unfortunately, it may actually be something you're faced with in reality.
A new family of ransomware targeting Netflix users was recently discovered by Trend Micro. This ransomware (RANSOM_ NETIX.A) obtains Windows and PC users' account credentials through a login generator used by people who are trying to watch movies for free rather than pay for a membership. To have their files decrypted, the ransomware demands the victims pay $100 worth of Bitcoin. (Oh, the irony). As Trend Micro explained, using phished Netflix accounts are particularly alluring for cybercriminals because multiple IP addresses can use the account at the same time, making it harder for victims to detect the infiltration.
— Trend Micro (@TrendMicro) January 30, 2017
Ransomware on the rise
This scheme doesn't just serve as a reminder regarding the risks associated with downloading pirated content. It also highlights the growing threat of social engineering being used by hackers - and the importance of safeguarding account information so cybercriminals can't monetize their credentials.
Trend Micro Global Director of Threat Communications Jon Clay explained to Dark Reading that this recent family of ransomware is only one example of a growing trend of ransomware that gained traction in 2016. According to the source, last year saw an almost 750 percent growth of new ransomware families. This year, new families are expected to grow by 25 percent.
"We will likely see other popular vendors targeted with their brands, especially if the actors behind [the Netflix scam] find success," Clay said. "They will use this tactic again with other vendors."
Dark Reading recommended businesses use this event as a wake-up call to elevate their employee education and training practices.
Taking the straight path to security
Netflix-watchers who try to bypass the monthly subscription fee and pirate the membership put themselves at risk of having to pay a much greater price than they otherwise would have if they went about watching their movies correctly. It's a risky move that can have damaging consequences - not unlike organizations trying to take short cuts with information security.
Improving InfoSec training and policies should be a company-wide initiative, not just the IT department. Human error accounts for a significant portion of data breaches and cyberattacks. All employees are potential victims and capable of making a mistake that could usher in a breach. Every person in the business has a role to play in information security, therefore every person should undergo some type of training. For the training to have any real value or effect, it needs to be customized according to their job functions.
To learn more about building an effective and robust InfoSec training strategy, download our whitepaper.