Security Experts Say It’s Never a Good Idea to Succumb to Ransomware

Ransomware has been much in the news due to the dangerous escalation in these types of attacks. Much attention has focused on healthcare attacks, but all industries are vulnerable.

Recently reported ransomware victims include the U.K. Parliament, email service providers, a non-profit that helps people with disabilities, and even police departments. Some of the targets wound up paying the ransom, generally in cryptographic currencies, such as Bitcoin, to restore access to their data or systems. But security experts say it’s never a good idea to succumb to these demands.

The bad guys typically use malware to encrypt an organization’s data and then demand money from their targets to decrypt it. Decline to comply by a certain deadline and the ransom may go up – and so too may the risk that the hackers will delete from the malware control server the private key needed to decrypt the files. Ransomware also may work by locking a user’s screen until payment is made.

The 2016 Crypto-Ransomware Report, a survey of 275 IT vendor experts conducted by Researchscape International, found that more than 40% of respondents have seen their customers become victims of these attacks, and that the malware has infiltrated more than 20 different industries. Nearly 60% said they expect the number of attacks to increase to some degree this year.

Those companies with the most to lose from the attacks were in:

  • Accounting, finance, banking: 64%
  • Information technology: 46%
  • Government: 45%

Fighting Ransomware

It’s pretty clear that your organization should be ready to confront the ransomware threat, whether hackers target individual employees’ systems and the networks they have access to or the company’s network at large. The first step, of course, is educating end users about how ransomware can creep up on them via:

  • Phishing emails and malicious links in attachments
  • Drive-by downloads from malicious or compromised websites
  • Exploit kits that open the door to hacks simply by visiting a web page

Employees should guard against these potential attacks as they would any other kind of malware, starting with common-sense steps – avoid clicking on suspicious links in emails, for instance.

IT’s part in combating attacks against both individual users and enterprise networks includes keeping up with core security tasks that sometimes aren’t as rigorously adhered to as they should be. IT teams, for example, need to:

  • Stay up-to-date with anti-virus and other security software, although in most ransomware cases, this won’t be enough
  • Ensure users are properly trained on how to avoid malware
  • Whitelist allowed software and prevent anything else from being executed
  • Maintain multiple copies of regular backups on more than one media type – including offline media
  • Keep a set of backups at off-site locations such as cloud systems
  • Be vigilant about applying patches to apps and systems
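The backup items in the list above can be checked mechanically against a backup inventory. The following is an added example, not code from the article or from Masergy; the record fields, the sample inventory and the 48-hour freshness threshold standing in for "regular" are all assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

class BackupCopy(NamedTuple):
    dataset: str      # what is being protected
    media: str        # e.g. "disk", "tape", "cloud"
    offline: bool     # not reachable from the production network
    offsite: bool     # stored away from the primary site
    age_hours: float  # time since this copy was last refreshed

MAX_AGE_HOURS = 48  # assumed meaning of "regular"; tune per dataset

def audit(copies, max_age=MAX_AGE_HOURS):
    """Return {dataset: [gaps]} measured against the list's backup items."""
    by_dataset = defaultdict(list)
    for c in copies:
        by_dataset[c.dataset].append(c)
    report = {}
    for name, group in sorted(by_dataset.items()):
        gaps = []
        if len(group) < 2:
            gaps.append("single copy")
        if len({c.media for c in group}) < 2:
            gaps.append("one media type")
        offline = [c for c in group if c.offline]
        if not offline:
            gaps.append("no offline copy")
        elif min(c.age_hours for c in offline) > max_age:
            # An offline copy exists but is too old to restore from usefully.
            gaps.append("offline copy stale")
        if not any(c.offsite for c in group):
            gaps.append("no off-site copy")
        report[name] = gaps
    return report

# Constructed sample inventory (hypothetical datasets, not real data).
INVENTORY = [
    BackupCopy("finance-db", "disk", False, False, 6),
    BackupCopy("finance-db", "tape", True, True, 30),
    BackupCopy("file-share", "disk", False, False, 4),
    BackupCopy("file-share", "disk", False, False, 28),
    BackupCopy("hr-records", "disk", False, False, 5),
    BackupCopy("hr-records", "cloud", False, True, 12),
    BackupCopy("hr-records", "tape", True, False, 400),
]

if __name__ == "__main__":
    for dataset, gaps in audit(INVENTORY).items():
        print(f"{dataset}: {'OK' if not gaps else ', '.join(gaps)}")
```

In the sample, `file-share` has two copies but both are online disk copies at the primary site, which is the case where a count of copies alone gives false comfort.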

The job is undeniably getting harder. According to recent research, hackers find ransomware attacks that encrypt all the data they can access more attractive than attacks on individual end users. These attacks destroy local backups beforehand for an extra punch and demand a lump-sum payout before victims can recover their data.

This approach lets hackers avoid the higher costs and labor of maintaining the infrastructure for persistent attacks, and if they operate fast, they can more speedily receive payments from victims.

Ransomware authors are likely to develop ransomware with faster and more effective propagation methods in order to maximize impact and probability of receiving payment. Companies can anticipate a trend towards ransomware that can self-propagate and move autonomously through a network to devastating effect.

Serious Repercussions

Paying can seem appealing to those who are unprepared for a ransomware attack, but there can be more serious problems associated with taking the easy way out. Several underground hacker sites keep track of those who have paid. Once a company is known to have paid up, they can expect to be targeted by even more attackers more often.

Clearly, IT security teams are going to have to get more sophisticated in their approach to what is likely to become a much tougher problem. They’ll have to consider how they can become more proactive in detecting these and other forms of advanced malware, for example by continuously monitoring their systems and networks in a unified fashion for malicious software and behavior anomalies specific to their environments.

Lawmakers are also proposing legislation that makes it a crime, punishable by fines and prison time, to knowingly introduce ransomware into a computer or network. But most businesses would prefer to shore up their defenses against these pernicious threats and avoid the courtroom drama in the first place.

About David Venable

VP, Cybersecurity, Masergy
David Venable, Vice President of Cyber Security at Masergy Communications, has over 15 years of experience in information security, with expertise in cryptography, network and application security, vulnerability assessments, penetration testing, and compliance. David is a former intelligence collector with the National Security Agency, with extensive experience in Computer Network Exploitation, Information Operations, and Digital Network Intelligence. He also served as adjunct faculty at the National Cryptologic School.