Ransomware comments

by Mark Rowe

Ransomware commonly uses pop-up pages which contain blackmailing messages, telling the recipient that their computer has been locked by the FBI or another policing body, and that they must click to pay a fee, to regain control. Earlier this week, a medical centre in Australia was subjected to a more sophisticated ransomware attack, in which thousands of patient records were encrypted by hackers who later demanded £2,600 to release the information.

Ross Brewer, vice president and managing director for international markets, LogRhythm, has commented:

“Ransomware unfortunately looks to be a huge new threat to computers and IT systems, both personal and corporate. While point security tools, such as anti-malware software, can be utilised to remove the ransomware once a machine has been infected, they have repeatedly proven their various limitations over the past few years. Furthermore, the aim should be to prevent the malware from even being installed in the first place – nobody should be subjected to having their network data held captive by cyber criminals.

“For organisations, this is especially important, as not only would their sensitive corporate data have been breached, but their whole business operation could grind to a halt. As such, instead of focusing their resources purely on point security solutions, the increasingly sophisticated nature of today’s cyber threat calls for continuous, protective monitoring of IT networks to ensure that even the smallest intrusion or anomaly can be detected before it becomes a bigger problem for all.

“Usually, ransomware hijacks do turn out to be a simple demand for money to unlock the PC, but often hackers may also install infected computers with backdoors that anti-malware software may not detect, which allows them to gain further access to the computer’s data at any time. Only by having centralised systems in place that can collect and analyse – but, most importantly of all, add context to data as and when it is generated – can any abnormal behaviour in IT log data be alerted on, allowing for the immediate identification and prevention of ransomware and its associated problems.”

Bimal Parmar, VP of marketing at Faronics, said:

“This sort of scam is a clear indication of just how sophisticated – and malicious – cybercrime is becoming. Fake anti-virus isn’t necessarily a new thing, however ransomware goes that step further by essentially holding a computer hostage and opening a dialogue between PC users and cybercriminals trying to negotiate a fee. With such convincing social engineering tactics, and with employees being granted more online freedom at work, this will almost certainly become a problem for many businesses.

“A major concern is that as users become more aware of traditional cyber attack tactics such as spam and phishing, many believe that they know everything about identifying and avoiding them. Unfortunately, new scams such as this are emerging at a rapid pace, using different methods to blindside their victim and convince them that the attack is genuine. If they’re successful, it can have a hugely damaging financial impact.

“The first step to avoiding this is for users to realise that cyber attacks are not restricted to specific tactics. What we don’t want is for online activity to be limited by fear, especially when all it takes is a bit of common sense and a few security checks to mitigate the risk. Raising awareness and educating users on what to look out for is an essential precaution – however, as employees can often be easily manipulated, a solid endpoint security strategy involving layers of defence is critical. Only by investing in multiple safety nets will an organisation have peace of mind should they become the target of such a sophisticated attack as this – after all, if just one workstation is held ransom, the entire enterprise is put at risk.”

And Paul Davis, Director of Europe at FireEye, has commented:

“With more people waking up to the realities of spear phishing and other methods of attack on their data – ransomware is looking like the next logical step in social engineering. And that is a very frightening prospect indeed. While this type of scam has been around for quite some time, recent incidents on both sides of the Atlantic suggest that hackers are increasingly making it part of their ongoing quest to capture valuable data. Worryingly, the panic created in people who happen to visit the wrong website at the wrong time could make them succumb to the financial demands of cybercriminals simply to avoid embarrassment.

“Though it is arguably a scam targeted at consumers, ransomware can easily find its way onto the corporate network – paving the way for larger-scale attacks against organisations. With employees increasingly browsing social networking websites and opening email attachments from strangers, they are fast becoming a real threat to IT security – after all, it takes just one person to click the wrong link for malware to infect the entire system. The information that is harvested and held to ransom can then be sold on to other hackers who really know how to use it.

“As with all sophisticated, elaborate IT security threats, the only way to ensure the most robust protection for the corporate network – without imposing a blanket ban on personal internet use – is for organisations to have a comprehensive security solution in place across the entire IT estate. It’s been said time and time again that traditional perimeter solutions are not strong enough to fight the calibre of threats that we are seeing today, and advanced security tools must be used to protect all potential vectors of attack. Only then can IT teams be sure that all bases are covered, even in the event that one employee slips up.”

© 2024 Professional Security Magazine. All rights reserved.