Cyber

Spike in ransomware

by Mark Rowe

The first ransomware was discovered in 2005. A great deal of the growth in the number of ransomware families seen has been seen recently, writes Colin Tankard, pictured, Managing Director, Digital Pathways.

According to FBI estimates, ransomware cost victims US$24 million over the whole of 2015, but that had grown to US$209 million in the first quarter of 2016. In Verizon’s 2016 data breach investigations report, ransomware was identified as one of the fastest growing exploits, accounting for nearly two-fifths of crimeware seen, up from just under 5pc in the previous year’s report, when it hardly got a mention.

Ransomware is malware that encrypts data stored on a device so that it is unavailable to the user until they pay a ransom to the attacker in the hope that the criminal will provide the decryption key required. Yet there have been cases seen where an organisation has paid the ransom, but has still not had its valuable data unlocked. Law enforcement agencies, including the FBI, are advising that you should not give in to the extortion attempt. Whereas previously ransomware largely preyed on individuals, and mainly consumers, organisations are now being hit in droves. Over the past year, a wide variety of organisations have been targeted, including hospitals, government departments, schools and even law enforcement agencies.

According to HIMSS Analytics, more than half of hospitals in the US confirmed that they were hit by ransomware during 2015 and a further quarter admit that they have no way of knowing whether or not they were a victim of such an attack. One medical facility, the Hollywood Presbyterian Medical Center, recently paid the equivalent of US$17,000 in ransom to criminals. Many demands are made in bitcoins, making them hard to trace.

But it is not just about the monetary value of the ransom. Dealing with ransomware can incur considerable other costs in terms of data recovery costs, missed deadlines and lost sales. When ransomware was first being seen, criminals used to use mass email blasts in the hope of hooking a target. But they are becoming more sophisticated. Today, targeted phishing campaigns are more often being used. According to PhishMe, 93 per cent of all phishing emails seen at the end of March 2016 contained encryption ransomware, up from 56pc in December 2015.

The onus is on organisations to step up their awareness of the dangers of phishing emails, teaching their employees about the dangers potentially borne by emails. According to Verizon, 30pc of phishing messages were opened by recipients in 2015 and 12pc went on to click on links or open attachments, which are higher amounts than the previous year. Apparently, the message is not getting through.

In the face of the growing ransomware epidemic, backing up important files and documents is essential. Anyone can be a victim. However, the backup should be stored in a separate place since many strains of ransomware aim to move laterally to find further data to encrypt, such as that held on file shares or other parts of the network. Once a backup is made, it is imperative that it is checked to ensure that it is recoverable.

Another precaution to take is to tie down access controls so that a user can only access data that they really need to. Privileged accounts should be carefully managed and no one should be given excessive privileges. Use the principle of least privilege. User activity monitoring and alerting will help to weed out risky behaviour, and will potentially help to stop unwanted user actions. This will also help to identify users engaging in the riskiest behaviour so that they can be singled out for extra attention before the business is put at risk.

Ransomware is attractive to criminals because of the ease with which it can be spread and the potential gains that they can make. The huge spike that has been seen recently is likely not a short-term blip. But, by taking the right precautions, the likelihood of becoming a victim can be lessened considerably.

Visit www.digpath.co.uk.

Related News

  • Cyber

    Malvertising won’t go away

    by Mark Rowe

    Ad agencies, search engines and cybersecurity specialists should work collectively on the security threat from rising malvertising, it is claimed. Ben Williams,…

  • Cyber

    Don’t be the weakest link

    by Mark Rowe

    Chris Dye, pictured, VP Marketing and Communications at cyber security product company Glasswall Solutions writes about protecting your supply chain from targeted…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing