A year after the Wannacry ransomware, the threat remains, according to a cyber security product company. There has never been a more perfect storm for the rise of ransomware, according to a report by Webroot.
It says: “Cybercriminals increasingly prefer ransomware as it does not require selling data on the black market. Ransomware completely automates monetising company and personal data, and with the use of untraceable cryptocurrency, cybercriminals have a low risk of being caught by authorities. Criminals are also taking advantage of multiple attack vectors including phishing attacks sent via e-mail, Remote Desktop Access attacks, and poorly patched systems on outdated legacy software platforms. This highly profitable form of attack shows no signs of stopping.”
The report points out that tansomware attacks, like any cyberattack will always favour the cybercriminal. Organisations have the impossible job of defending against a myriad of threats and attacks, whether targeted or random, against their devices and resources. Cybercriminals on the other hand only need to be successful once. The IT firm says it has detected 12,000 unique variables of the WannaCry ransomware, most only seen on one machine but all requiring individual detection, significantly complicating the task of guarding against it. The company continues to detect 500 new variants of WannaCry ransomware per month.
Always an attractive sector for attackers, healthcare is under greater threat than ever, the firm says; as healthcare offers a vast, distributed attack surface, and multiple connected devices. The firm advises that having a regular reliable backup process is critical to defeating ransomware. Backups need to be air-gapped and not accessible from the network. Make sure operating systems and third party software is kept up to date; and create detailed disaster recovery plans and conduct dry-run testing to improve plan efficacy.
David Kennerley, Director of Threat Research, Webroot said: “The WannaCry attack of 2017 made global headlines and severely impacted organisations everywhere – most notably the NHS in the UK. Across all sectors it’s clear that awareness of ransomware as a threat has increased since the attack. However, organisations still aren’t investing the necessary time and resources in risk mitigation and recovery processes, leaving them with limited options in case of a successful attack. The healthcare industry in particular needs to be very aware of the fact that it is a high profile target, with valuable data at stake, and take special care to ensure that defences are in place.”
For the report in full visit webroot.com.
Comment
Mark Weir, Cisco UK and Ireland director of cybersecurity, said: “With the severity of ransomware attacks continuing to grow on a massive scale, it’s critical that businesses need more focus, support and training on cybersecurity than ever before. What’s even more worrying is that over half of businesses would consider paying ransoms if under attack, which is simply not acceptable. This just encourages attackers further and puts organisations in danger of another attack.
“Attacks such as WannaCry could have been prevented if organisations had just applied basic security practices. Businesses must have this in place, alongside processes for incident response. They should also make sure respective storage backup and restore processes are fit for the purpose of mitigating ransomware risks. But this is no longer enough today. It’s vital that businesses and government alike also constantly innovate and collaborate to make it increasingly difficult for cybercriminal’s to impact on our lives through techniques such as ransomware. Emerging technologies like Artificial Intelligence, Machine Learning and automation are no longer a luxury, but a necessity in ensuring we don’t just keep up with, but stay one step ahead of the bad guys. As well as Cyber protection solutions
“Protection from ransomware is key and must be a standard measure in all organisations – especially for vulnerable sectors such as healthcare as highlighted in this report.”
