Not only is ransomware a serious threat that all businesses should be prepared for, it is also experiencing exponential growth. Malwarebytes, the leading advanced malware prevention and remediation solution, recently conducted a study looking into the prevalence of ransomware. This research found that almost 40 per cent of businesses had been victims of a ransomware attack over the past twelve months. Among these businesses, over a third said they had experienced a loss in revenue as a result of the ransomware attack, while 20 per cent noted, alarmingly, that the attack caused them to completely halt their business.
Despite the growing prevalence of malware, not all attacks are equally destructive. In many cases, cybercriminals will use old and ineffective versions of ransomware, backing up the attack with bombastic threats. In these cases, the real weapon is the threat, which is treated as seriously by the target as the malware itself. Looking at the potential consequences of a ransomware attack, it’s not difficult to see why. The perpetrators will often remind the victim that if they don’t meet their demands within a short period of time, all of the data in their system will be encrypted, leaving them completely unable to access what they need to run their business. In other words, they could lose everything.
Although the threats being made are often exaggerated, few businesses are willing to take the risk, leading them to pay up and, as a result, fuel further ransomware operations for the cybercrime syndicates. A number of high-profile ransomware attacks have reinforced this fear. Earlier this year, for example, the Hollywood Presbyterian Medical Centre, a prominent hospital in Los Angeles, was forced to pay $17,000 in bitcoin to hackers after its systems were infected by ransomware. Other targets who have given in to ransomware demands include two Massachusetts police departments and a number of hospitals across the United States.
Identifying the real threats
In a sense, therefore, there are two different types of ransomware threat at work. The first results in real malware being downloaded onto the corporate network, causing immediate, real damage. The second is a psychological battle, in which threats are made and businesses are unsure whether they are viable but are often unwilling to take the risk.
Both threats, real and presumed, are, however, likely to have a similar impact on the business concerned. Fear is, after all, a powerful emotion and is likely to elicit a defensive response. Think what you would do, for example, if you could not access any of your business documents, or any of your personal files, and you were being kept from them by a countdown timer to their complete annihilation.
This method of money-making by the faceless and nameless ‘black-hatters’ of the Internet is now becoming a serious threat. Recent research by Bitdefender reports that companies and individuals caught out in this way in the UK ‘are willing to pay the most to recover personal documents, photos and job-related documents’, with up to £400 being paid to decrypt locked and encrypted files for a start. Typically, too, once businesses have shown that they are willing to pay, they are more aggressively targeted, as their name joins a list of so-called “suckers” who will reach into their pockets for the convenience of getting their files back quickly.
Moreover, it’s not just a case of computers being hacked. The related phenomenon of SMiShing is also on the increase. SMiShing is a similar kind of attack that typically involves a user being sent an unsolicited SMS/text message which tricks them into downloading a rogue program, such as a Trojan horse, virus or other malware, or releasing sufficient personal details to compromise their security. In February 2016, a Santander customer lost £23,000 to a SMiShing scam, which the bank refused to compensate him for.
It is always best to minimise exposure to these scenarios where possible with common sense, site or IP address blocking and endpoint protection, but that in itself may not be enough to counteract this ever more pervasive threat.
It’s critically important, of course, to ensure your electronic defence is as impenetrable as possible through the use of actively maintained antivirus software, firewall appliances, Intrusion Protection Systems, and web and mail filtering, and to define and robustly enforce policies that prevent penetration by ensuring correct system configuration and device ‘hardening’.
However, in today’s complex security environment, becoming a victim of one of these increasingly prevalent security threats is almost an inevitability at some point. So, given that it will happen, what else do organisations need to consider for when it does? Robust backup systems are key, of course, but so too is putting in place robust policy and processes and a practical system of educating users.
Putting solutions in place
Best practice, then, is to implement a robust and incremental backup system of business/personal critical details, and keep those backups safely offline. Businesses should also test these backups regularly and ensure everything that should be protected is protected.
On the user side, they should enforce a general information policy pertaining to what websites are SFW and NSFW (Safe For Work and Not Safe For Work) and educate themselves and their team on the risks and the methods by which ransomware is activated. This kind of focus on education is key. Organisations need to remember that their human firewall is their best, but also often their last, line of defence.
After all, in the battle against ransomware, businesses need to marshal their resources, ensure they have a strategic plan in place, train up their workforce and deploy their full gamut of policies and procedures to keep their corporate networks and systems safe.
Mike Simmonds, Managing Director, Axial Systems