Over the past several years, ransomware attacks have become one of the greatest outside threats to the information security of businesses and government agencies. As organizations scramble to meet the challenge, cybercriminals have been developing increasingly sophisticated ransomware, with recent trends indicating a worrying pattern of malicious attacks that are designed not to extort victims, but to maximize the destruction of data. This article provides an overview of the evolving ransomware problem, with key steps that any organization can take to eliminate or minimize exposure to this cyber menace.
The Ransomware Menace in Numbers
Between 2005 and March 2016, 7,600 ransomware attacks in the United States were reported to the FBI’s Internet Crime Complaint Center (IC3), with a 300% increase from 2015 to 2016. The IC3 received 1,783 complaints in 2017, down from 2,673 incidents the previous year, with costs from damage reaching $2,344,365. Globally, the scenario is different. According to the 2018 Verizon Data Breach Investigations Report (DBIR), ransomware attacks have doubled twice year-on-year between 2016 and 2018. The report added that ransomware makes up 39% of all malware-related attacks. The intensity of attacks has also been on the rise, with the global cost of ransomware damage expected to rise to $11.5 billion by 2019 according to Cybersecurity Ventures.
A Universal and Evolving Threat
In response to improved detection capabilities, ransomware is becoming more sophisticated and unpredictable, with new techniques emerging that are designed to circumvent the countermeasures organizations have been developing to protect themselves. These include:
- Slowing down and randomizing the encryption process to stay below antivirus detection thresholds;
- Embedding ransomware in files attached to emails that appear to be business related;
- Using polymorphic code (avoiding detection by changing as it spreads);
- Encrypting hard drive master boot records.
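The first technique in the list above, seen from the detection side, as an added example that is not part of the original article: a short-window rate threshold misses slow, randomly spaced encryption, while a long-window count of high-entropy rewrites still catches it. The event tuples, file paths, entropy cutoff and both thresholds are assumptions, and the sample events are constructed.

```python
import math
import random
from collections import Counter, deque

HIGH_ENTROPY = 7.5  # bits/byte; assumed cutoff, encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of a sample taken from a rewritten file."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def max_in_window(events, window_s):
    """Largest count of high-entropy rewrites inside any window of window_s seconds."""
    recent, peak = deque(), 0
    for ts, _path, sample in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(sample) < HIGH_ENTROPY:
            continue  # ordinary low-entropy edit (text, config) is not counted
        recent.append(ts)
        while ts - recent[0] >= window_s:
            recent.popleft()
        peak = max(peak, len(recent))
    return peak

def alerts(events, burst=(60, 20), slow=(24 * 3600, 40)):
    """Report which of the two assumed (window, count) thresholds is crossed."""
    return {
        "burst": max_in_window(events, burst[0]) >= burst[1],
        "slow": max_in_window(events, slow[0]) >= slow[1],
    }

def constructed_events(seed=7):
    """Constructed sample: 60 high-entropy rewrites 5-15 minutes apart, plus benign saves."""
    rng = random.Random(seed)
    events, ts = [], 0
    for i in range(60):
        ts += rng.randint(300, 900)  # slow, randomized pacing
        events.append((ts, f"/share/doc{i}.docx", rng.randbytes(4096)))
    for i in range(200):  # benign noise: low-entropy text saves
        events.append((rng.randint(0, ts), f"/share/note{i}.txt", b"meeting notes " * 300))
    return events

if __name__ == "__main__":
    print(alerts(constructed_events()))
```

In practice the long-window rule is tuned against a baseline of normal activity, since compressed archives and media files are also high-entropy.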
A worrying sign of this evolution in cybercrime is the rise of pseudo-ransomware – a type of malicious software that’s designed to destroy data rather than encrypt it for ransom, or to create a digital smokescreen meant to hide another type of attack.
Ransomware targets organizations large or small without distinction, but small businesses and local governments are usually the least prepared for attacks. The December 2017 attack on Mecklenburg County in North Carolina exemplifies how state and local governments have also become cybercrime targets. On that occasion, the government’s computer system was frozen and services were stalled by LockCrypt, with hackers demanding $23,000 in ransom to stop the assault. In a November 2016 attack on Madison County in Indiana, infrastructure services were paralyzed for almost a week. According to Fortalice Solutions CEO Theresa Payton, “it’s not a matter of if, it’s a matter of when”, referring to cyber attacks on public and private organizations.
Building an Effective Defense
According to IBM’s 2018 Threat Intelligence Index report, human error is responsible for up to two-thirds of compromised data. Within this scope, misconfigured cloud infrastructure has been responsible for almost 70% of compromised data, while phishing emails sent to unsuspecting victims account for most of the rest. Given these findings, teaching employees basic information security best practices has become more important than ever, and investing in effective training that instructs team members on the best way to manage company data can make the difference between an organization that’s safe and one that’s vulnerable to attack. Here are some other important steps that every organization should take to protect itself from ransomware:
- As a precaution, two-factor authentication and encryption should be used for all important transactions. This means verifying user identities through a combination of temporary tokens and email or phone confirmation.
- Updating your systems and backing up important files are crucial for information security. Updates and patches can get rid of bugs and potential security blind spots in your systems, while using modern operating systems like Windows 10 and macOS makes your network tougher for hackers to penetrate because many known issues with legacy operating systems have been fixed and cybercriminals haven’t taken the time and effort to crack them. The case of the WannaCry ransomware, which exploited a vulnerability in Microsoft’s SMB protocol, makes this clear. The company had patched the problem two months before attacks began, but older systems running Windows XP, which was no longer supported – including those of Britain’s National Health Service – were hit hard by this new ransomware.
- Backing up important files is also a basic precautionary step that organizations should take to easily limit the impact of ransomware. If files that have been backed up are encrypted by hackers, the victim can simply wipe the slate clean and restore the previously saved information.
- Organizations should seriously consider protecting themselves with cyber security insurance, which covers events such as the need to pay a ransom.
- To provide a further layer of protection against malicious insiders, the workstations of employees who handle sensitive information should be monitored continually to ensure that critical data isn’t mishandled.
- As the saying goes, a good offense is often the best form of defense, so hiring penetration testers is a great way to stay one step ahead of hackers. Pen testers specialize in the offensive side of cyber security and continually screen systems, testing them for weaknesses by simulating attacks on your company’s digital infrastructure and databases.
Looking to the Future
The history of cybercrime, and of ransomware attacks in particular, has shown that the size and scope of activity of a business or government agency does not make it immune from cyber threats. Without the proper precautions and safeguards, any organization can fall victim to hackers and other cybercriminals, and the cost may be as high as the survival of the organization itself. With threats multiplying on a daily basis, investing in cyber security means investing in the future of your organization.