Re-Thinking The Threat Of Ransomware

Over the last year, ransomware use has been endemic, on a large scale and at a global level. To put this into context, a recent report from Druva estimated that 4,000 ransomware attacks occur each day, while a report from Verizon ranked ransomware as the number one piece of crime-ware used by cyber-criminals in 2017.

The National Cyber Security Centre has also identified ransomware as the most common cyber extortion method used by cyber-criminals to target UK businesses.

Ransomware is a type of malware that restricts access to a computer or its data and demands money for it to be released. The threat is typically spread via phishing emails, spam campaigns, drive-bys or programs downloaded to a computer by an unwitting user visiting an infected website. 

In May last year, WannaCry, one of the world’s most publicised ransomware variants, caused global panic when it hit the NHS and left hospitals unable to access patient data. So, where did ransomware come from, is it a new threat, how is it evolving and, most importantly, what steps can organisations take to protect against it?

History of Ransomware 
Ransomware is not new. It has been around since 1989, with the first ever documented case being the AIDS Trojan (or PC Cyborg ransomware) created by Joseph Popp, who distributed 20,000 infected floppy disk drives to the participants of the World Health Organisation's AIDS Conference.

Since then, ransomware has appeared more frequently due to the amount of money that can be made using the technique. In 2017 the same report from Druva estimated that the ransomware industry had quadrupled over the past year, reaching an estimated $1 billion. As a result of the huge financial return on ransomware, cyber-criminals are constantly developing new variants in a bid to ensnare more victims and bypass security defenses.

The latest ransomware variants have deployed new strategies for the delivery of the malware. Whilst most ransomware typically requires some sort of user interaction, recent research has demonstrated how hackers have infected systems with WannaCry by exploiting a remote code execution (RCE) vulnerability, which allowed them to infect unpatched systems without user interaction. This is something that is usually associated with a worm rather than ransomware.

To Pay or Not to Pay
One of the key dilemmas an organisation faces when infected with ransomware is whether or not to pay the ransom. This is particularly true for organisations that do not have a comprehensive back-up strategy in place and risk losing access to their files entirely if they do not pay. Whilst many law enforcement agencies and security practitioners often advise against paying ransoms for this criminal activity, reports suggest that severe disruption to services and the lack of backups sometimes leads to organisations giving in and paying the criminals for the release of their data.

However, as has been demonstrated in many recent attacks, even when organisations do pay the ransom, there is no guarantee they will receive their files back. Additionally, in some cases when an organisation opts to pay the ransom, they only receive part of their data back in return.

This ultimately means organisations need to assess whether paying the ransom is worth it at all, when there is absolutely no way to know if the cybercriminals will ever return their files.

Some businesses also conclude that paying the ransom makes sense because they believe their data is worth more than the ransom. However, the danger of paying is that they are essentially funding the ransomware industry, which will ultimately make it more profitable for cyber-criminals and lead to more attacks. So, what are the best ways to mitigate a ransomware attack without having to pay the ransom?

Protecting Against Ransomware
To protect against the tidal wave of ransomware attacks, organisations need to improve their software patching processes. Many organisations, for example the UK NHS, were caught out because they did not update their systems with the relevant patches in time.

Another lesson that can be learned from these events is that vulnerability disclosure practices within the industry need to improve as no single organisation can defend against these threats on its own. 

For any organisation that does fall victim to a ransomware attack, it is very important to carry out a post-incident analysis. This will allow them to analyse how they contained the event and whether there are any changes that could be made to improve their response, should a future attack occur.

Infosecurity Magazine
