We all know how expensive software licensing is.  The old adages, “there is no such thing as a free lunch” and “if it seems too good to be true, it probably is” ring true, now more than ever.  It’s always tempting to find a “free” version of expensive software or utilize a pirated software key to get around having to pay for legitimate software, but the potential risk can be far costlier than the software.

Recently, Bleeping Computer reported that a student from a biomolecular research institute attempted to pirate expensive data visualization software, and unwittingly unleashed a Ryuk ransomware attack.  This attack cost the institution a week's worth of research data, not to mention a week-long outage, as network servers were rebuilt and restored.  Ultimately, that was much more than the cost of a legitimate copy of the software. Because the institution utilized a solid business continuity, backup and disaster recovery solution, they were able to trace the breach to a student’s laptop and credentials, and eventually restore the servers to a pre-attack status. This particular student was trying to avoid paying the few hundred dollars necessary for a personal copy of software used in their work, by searching the web for a cracked version and downloading it to their personal device.  However, instead of getting the software, the student got a trojan that logged keystrokes, stole the Windows clipboard history, and stole passwords, including their remote access credentials to high-level servers.  Basically, this mistake handed the keys to the institution’s kingdom to Ryuk cybercriminals.

The underground network of threat actors is a tangled dark web, with layers of nefarious players buying and selling information at an alarming rate.  The players that sold the ‘pirated software’ may not have even been the ones that launched the Ryuk attack.  They may have only been the ones to sell the individual’s credentials, possibly for as little as $3.  Entire marketplaces have sprung up whose sole product is stolen remote access credentials.  This type of ‘business’ has flourished recently, with more people using RDP sessions to access remote servers with the explosion of the work-from-anywhere environment.  One investigation showed that 1.3 million accounts were put up for sale on just one of these marketplaces.

It is a fact that the weakest link in the security armor of any company is the employees, and there will always be human error.  Ongoing cyber security awareness training is a first step to ensuring that your employees understand the pitfalls of downloading cracked software as well as opening phishing campaign emails. However, good cyber security is a multi-layered approach that includes multi-factor authentication, as well as restricting access for individuals and IP addresses, which would have prevented this particular attack.

Because “there is no such thing as a free lunch (or software),” make sure the humans on your network are educated, the machines are protected, and the data is secure.