In February 2016, Hollywood Presbyterian Medical Center, an LA hospital, admitted to paying $17,000 (£12,000) in bitcoins as ransom to a cyber criminal!
Swallowing Bitter Pills of Ransomware
The hospital lost access to its systems following a malware infection that encrypted the files on them. With staff locked out of their systems, communication was routed to faxes and patient notes were recorded with pen and paper.
And it’s not just the healthcare industry that has become a lucrative target for cyber criminals. In 2016, major sites including the New York Times, BBC, AOL, and NFL were hit by ransomware ‘malvertising’. The cyber attackers inserted ads carrying malicious software into multiple ad networks. The ads targeted security loopholes in obsolete versions of Silverlight, Flash, and other software.
Cerber Ransomware and Microsoft Office 365
Recently, investigators also found a new variety of the Cerber ransomware targeting Office 365. This ransomware deceptively bypassed various security measures that Microsoft had in place and exposed the data of millions of Office 365 users. Not only was there a ransom note included, but Cerber also left an audio clip for users warning them that their files had been encrypted and demanding a ransom be paid in order to recover access to the user’s data.
Newer strains such as Cryptowall, an extremely disastrous variant of ransomware, are creating furor among businesses. Using Cryptowall, hackers are now able to use asymmetric encryption, a technique in which the decryption key is not the same as the encryption key and is therefore not stored along with the encrypted data. The victim is left with no choice but to pay the ransom in order to obtain the decryption key to unlock the data.
If you see this, you are in deep trouble!
A Distressing Situation for the CISOs
With the latest reports of ransomware extending its grip over large businesses and SMBs alike, it becomes imperative to discuss the burgeoning role of information security in tracking, containing and combating ransomware attacks.
According to a report by the U.S. Department of Justice, ransomware attacks have quadrupled this year from a year ago, averaging 4,000 a day.
Yet another report by the Federal Bureau of Investigation states that Ransomware attacks cost victims $209 million in the first three months of the year. Costs include lost productivity and staff time to recover files. The total is up from $24 million for all of 2015, or about $10,000 an infection.
Before we can delve into how organizations can protect themselves against such attacks, it is first important to understand the tactics being employed by cyber thieves:
- Surprising as it may sound, when it comes to ransomware attacks, almost half of them came from employees, specifically mid-level managers or higher, clicking on suspicious links in emails. This tactic was particularly successful in the U.S. and Germany. Organizations should also be aware that several ransomware attacks are made possible because of existing bugs in software, especially when new updates are not installed.
- Let’s admit it. Being unable to retrieve important files is more than just an inconvenience – it can destroy a company’s reputation, cripple its vital business operations and drastically diminish productivity. Financial losses from these aspects, coupled with the additional payment for decryption tools, also cause havoc to the business. Several organizations, hoping to stop or limit the damage being caused, make the hard decision to pay the ransom demanded from them. However, the downside of going this route is that businesses that pay will quickly get marked as paying customers, encouraging hackers to continue sending ransomware-related emails.
- Ransomware attacks are made possible with social engineering baits and the use of low-quality encryption. A common tactic employed by ransomware attackers is to delete shadow copies, which removes backup copies of files, making recovery hard and, in some cases, plain impossible. Cryptowall, Locky and Cerber are a few of the variants using this technique.
- In a strange twist of progress causing setbacks, a big factor in the rise of ransomware has been the increasing usage and stability of bitcoin. Hackers typically demand a bitcoin payment because of the ease in sending/receiving money anywhere in the world and better still, anonymously.
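The shadow-copy deletion described in the list above is one of the more reliable things a defender can alert on. The following is an added example, not part of the original article: it scans process-creation records for command lines that delete Volume Shadow Copies. The pipe-delimited log format, the host and user names, and the severity heuristic (parent process running from a user-writable folder) are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Command lines that delete Volume Shadow Copies (case-insensitive).
SHADOW_DELETE = [
    ("vssadmin delete shadows",
     re.compile(r'\bvssadmin(?:\.exe)?"?\s+delete\s+shadows\b', re.I)),
    ("wmic shadowcopy delete",
     re.compile(r'\bwmic(?:\.exe)?"?\s.*\bshadowcopy\b.*\bdelete\b', re.I)),
]
# Assumption: a parent image under these folders is more suspicious.
USER_WRITABLE = re.compile(r'\\(?:appdata|temp|downloads)\\', re.I)

class Alert(NamedTuple):
    time: str
    host: str
    user: str
    rule: str
    severity: str

def scan(lines):
    """Return an Alert for each record whose command line deletes shadow copies."""
    alerts = []
    for line in lines:
        parts = line.rstrip("\n").split("|", 4)
        if len(parts) != 5:
            continue  # skip malformed records instead of failing the scan
        time, host, user, parent, cmdline = parts
        cmdline = " ".join(cmdline.split())  # collapse padding whitespace
        for rule, pattern in SHADOW_DELETE:
            if pattern.search(cmdline):
                sev = "high" if USER_WRITABLE.search(parent) else "medium"
                alerts.append(Alert(time, host, user, rule, sev))
                break
    return alerts

# Constructed sample records: time|host|user|parent image|command line
SAMPLE_LOG = [
    r"2016-03-01T10:15:02Z|WS-014|jdoe|C:\Users\jdoe\AppData\Local\Temp\invoice_scan.exe|vssadmin.exe Delete Shadows /All /Quiet",
    r"2016-03-01T10:20:44Z|WS-014|jdoe|C:\Windows\System32\cmd.exe|vssadmin list shadows",
    r"2016-03-01T11:02:10Z|SRV-02|backupadm|C:\Windows\System32\cmd.exe|wmic  SHADOWCOPY  /nointeractive delete",
    "truncated record without fields",
    r"2016-03-01T11:30:00Z|WS-020|asmith|C:\Windows\explorer.exe|notepad.exe C:\notes\delete shadows howto.txt",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```
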
How can enterprises secure their environment?
Ransomware’s rapid growth is rooted in the fact that cyber criminals find it much easier to carry it out and profit from it compared to any other scams.
“If history has shown the security community anything, it’s that breaches are not a matter of “if” but “when”. At the end of the day, the CISO and security people have to realize that you cannot prevent everything.”
Businesses looking to protect themselves against ransomware attack should adopt a multi-layered defense:
- Enterprises should offer training to their employees and key stakeholders to understand ransomware and how they can contribute towards securing their organization’s environment. Backing up is wise, but not a sure-fire solution. As a part of the multi-layered defense, it is vital to secure everything from endpoints to networks and servers.
- Given that ransomware attacks are typically caused by employees opening spam emails, it is critical that organizations focus their efforts to detect and block ransomware-related emails.
- All nefarious attachments should be nipped in the bud and not allowed to reach enterprise servers – no matter where they are – whether physical, virtual or on the cloud. A large share of ransomware can be blocked at the email and web levels.
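A sketch of what blocking at the email level can look like, added here as an example and not taken from the original article: it parses a message and lists the attachments a gateway should quarantine. The extension list and addresses are assumptions, and the check for a macro project inside an Office document goes beyond what the article describes.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumption: attachment types this illustrative policy never delivers.
RISKY_EXT = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".docm", ".xlsm"}

def has_vba_project(data):
    """True if the bytes are a zip-based Office file carrying a VBA macro project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())

def screen(raw_message):
    """Return (filename, reason) for every attachment to quarantine."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        # Only the last extension counts, so "invoice.pdf.exe" is an .exe.
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        data = part.get_payload(decode=True) or b""
        if ext in RISKY_EXT:
            findings.append((name, "risky extension " + ext))
        elif has_vba_project(data):
            # Catches a macro document renamed to a harmless-looking extension.
            findings.append((name, "macro project inside document"))
    return findings

def build_sample():
    """Constructed message: one disguised macro document, one executable, one PDF."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg["From"] = "billing@example.com"
    msg["To"] = "manager@example.com"
    msg.set_content("Please see attached.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\x00")
    for data, name in [(buf.getvalue(), "report.docx"),
                       (b"MZ", "invoice.pdf.exe"),
                       (b"%PDF-1.4", "terms.pdf")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(screen(build_sample()))
```
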
Are you looking to build a strategy to bolster cybersecurity and protect your organization from ransomware attacks? Perhaps, one of our IT experts can help you.