Security Experts Say It’s Never a Good Idea to Succumb to Ransomware
Ransomware has been much in the news due to the dangerous escalation in these types of attacks. Much attention has focused on healthcare attacks, but all industries are vulnerable.
Recently reported ransomware victims include the U.K. Parliament, email service providers, a non-profit that helps people with disabilities, and even police departments. Some of the targets wound up paying the ransom, generally in cryptographic currencies, such as Bitcoin, to restore access to their data or systems. But security experts say it’s never a good idea to succumb to these demands.
The bad guys typically use malware to encrypt an organization’s data and then demand money from their targets to decrypt it. Decline to comply by a certain deadline and the ransom may go up – and so too may the risk that the hackers will delete the private key on the malware control server needed to decrypt the files. Ransomware also may work by locking a user’s screen until payment is made.
The 2016 Crypto-Ransomware Report, a survey of 275 IT vendor experts conducted by Researchscape International, found that more than 40% of respondents have seen their customers become victims of these attacks, and that the malware has infiltrated more than 20 different industries. Nearly 60% said they expect the number of attacks to increase to some degree this year.
Those companies with the most to lose from the attacks were in:
- Accounting, finance, banking: 64%
- Information technology: 46%
- Government: 45%
It’s pretty clear that your organization should be ready to confront the ransomware threat, whether hackers target individual employees’ systems and the networks they have access to or the company’s network at large. The first step, of course, is educating end users about how ransomware can creep up on them via:
- Phishing emails and malicious links in attachments
- Drive-by downloads from malicious or compromised websites
- Exploit kits that open the door to hacks when a user simply visits a web page
Employees should guard against these potential attacks as they would any other kind of malware, starting with common-sense steps – avoid clicking on suspicious links in emails, for instance.
IT’s part in combating attacks against both individual users and enterprise networks includes keeping up with core security tasks that sometimes aren’t as rigorously adhered to as they should be. IT teams, for example, need to:
- Stay up to date with anti-virus and other security software, although in most ransomware cases, this won’t be enough
- Ensure users are properly trained on how to avoid malware
- Whitelist allowed software and prevent anything else from being executed
- Maintain multiple copies of regular backups on more than one media type – including offline media
- Keep a set of backups at off-site locations such as cloud systems
- Be vigilant about applying patches to apps and systems
The job is undeniably getting harder. According to recent research, ransomware attacks that encrypt all the data they can access are more attractive to hackers than attacks on individual end users. These attacks destroy local backups beforehand for an extra punch and come with a lump-sum payout requirement to let victims recover data.
This approach lets hackers avoid the higher costs and labor of maintaining the infrastructure for persistent attacks, and if they operate fast, they can more speedily receive payments from victims.
Ransomware authors are likely to develop ransomware with faster and more effective propagation methods in order to maximize impact and probability of receiving payment. Companies can anticipate a trend towards ransomware that can self-propagate and move autonomously through a network to devastating effect.
Paying can seem appealing to those who are unprepared for a ransomware attack, but there can be more serious problems associated with taking the easy way out. Several underground hacker sites keep track of those who have paid. Once a company is known to have paid up, it can expect to be targeted by even more attackers more often.
Clearly, IT security teams are going to have to get more sophisticated in their approach to what is likely to become a much tougher problem. They’ll have to consider how they can become more proactive in detecting these and other forms of advanced malware, for example by continuously monitoring their systems and networks in a unified fashion for malicious software and behavior anomalies specific to their environments.
Lawmakers are also proposing legislation that makes it a crime, punishable by fines and prison time, to knowingly introduce ransomware into a computer or network. But most businesses would prefer to shore up their defenses against these pernicious threats and avoid the courtroom drama in the first place.