Re-Thinking The Threat Of Ransomware

In the last year there has been an endemic use of ransomware on a large scale and at a global level.  To put this into context, a recent report from Druva estimated that 4,000 ransomware attacks occur each day, while a report from Verizon ranked ransomware as the number one piece of crime-ware used by cyber-criminals in 2017.

The National Cyber Security Centre has also identified ransomware as the most common cyber extortion method used by cyber-criminals to target UK businesses.

Ransomware is a type of malware that restricts access to a computer or its data and demands money for it to be released. The threat is typically spread via phishing emails, spam campaigns, drive-bys or programs downloaded to a computer by an unwitting user visiting an infected website. 

In May last year, WannaCry, one of the world’s most publicised ransomware variants, caused global panic when it hit the NHS and left hospitals unable to access patient data. So, where did ransomware come from, is it a new threat, how is it evolving and, most importantly, what steps can organisations take to protect against it?

History of Ransomware 
Ransomware is not new. It has been around since 1989, with the first ever documented case being the AIDS Trojan (or PC Cyborg ransomware) created by Joseph Popp, who distributed 20,000 infected floppy disk drives to the participants of the World Health Organisation's AIDS Conference.

Since then, ransomware has appeared more frequently due to the amount of money that can be made using the technique. In 2017 the same report from Druva estimated that the ransomware industry has quadrupled over the past year, reaching an estimated $1 billion. As a result of the huge financial return on ransomware, cyber-criminals are constantly developing new variants in a bid to ensnare more victims and bypass security defenses.

The latest ransomware variants have deployed new strategies for the delivery of the malware. Whilst most ransomware typically requires some sort of user interaction, recent research has demonstrated how hackers have infected systems with WannaCry by exploiting a remote code execution (RCE) vulnerability, which allowed them to infect unpatched systems without user interaction. This is something that is usually associated with a worm rather than ransomware.

To Pay or Not to Pay
One of the key dilemmas an organisation faces when infected with ransomware is whether or not to pay the ransom. This is particularly true for organisations that do not have a comprehensive back-up strategy in place and risk losing access to their files entirely if they do not pay. Whilst many law enforcement agencies and security practitioners often advise against paying ransoms for this criminal activity, reports suggest that severe disruption to services and the lack of backups sometimes leads to organisations giving in and paying the criminals for the release of their data.

However, as has been demonstrated in many recent attacks, even when organisations do pay the ransom, there is no guarantee they will receive their files back. Additionally, in some cases when an organisation opts to pay the ransom, they only receive part of their data back in return.

This ultimately means organisations need to assess if paying the ransom is worth it at all, when there is absolutely no way to know if the cybercriminals will ever return their files.

Some businesses also believe that paying the ransom makes sense because their data is worth more than the ransom. However, the danger of paying is that they are essentially funding the ransomware industry, which will ultimately make it more profitable for cyber-criminals and lead to more attacks. So, what are the best ways to mitigate a ransomware attack without having to pay the ransom?

Protecting Against Ransomware
To protect against the tidal wave of ransomware attacks, organisations need to improve their software patching processes. Many organisations, for example the UK NHS, were caught out because they did not update their systems with the relevant patches in time.

Another lesson that can be learned from these events is that vulnerability disclosure practices within the industry need to improve as no single organisation can defend against these threats on its own. 

For any organisation that does fall victim to a ransomware attack, it is very important to carry out a post-incident analysis. This will allow them to analyse how they contained the event and if there are any changes that could be made to improve their response, should a future attack occur.

Infosecurity Magazine
