Ransomware has become such a prevalent cybersecurity threat that the United States and Canada issued a joint alert in March about its dangers. In it, the U.S. Department of Homeland Security and the Canadian Cyber Incident Response Centre warned that ransomware, which typically spreads through phishing emails and downloads from infected websites, “can be devastating to an individual or organization, and recovery can be a difficult process.”
Ransomware is virtually impossible to remediate once it takes control of a system. It locks all the data within the system and demands that the user pay for a decryption key to unlock the files. Ransom demands are typically in the $200 to $400 range, but if multiple users get hit, the cost to an enterprise can quickly escalate.
Calling it a “formidable enterprise threat,” SecurityWeek.com reported that enterprises are increasingly in the crosshairs of ransomware attackers. In one case, involving the Hollywood Presbyterian Medical Center in Los Angeles, cyber thieves made off with $17,000 in ransom.
Forbes recently called ransomware attacks an epidemic. Based on research by security vendor Kaspersky Lab, Forbes said more than 2.3 million PC users worldwide “encountered malware” from April 2015 to March 2016, 18 percent more than the previous 12 months.
With names like Locky, TeslaCrypt, Troldesh and CryptorBit, ransomware variants have multiplied and spread like a wildfire in a drought. Ransomware generates millions of dollars for cybercriminals monthly. One strain, CryptoWall, raked in an estimated $325 million. CryptoWall accounted for more than 90 percent of ransomware analyzed in October and November 2015, according to PhishMe, a security vendor specializing in phishing threats.
As often happens with evolving security threats, businesses are ill-prepared to handle ransomware attacks. A recent study by the Ponemon Institute reveals 56 percent of companies say malware attacks “have become stealthier and more difficult to detect.” Only 38 percent of respondents in the Ponemon study have a strategy to address destructive software such as ransomware.
The genius of ransomware is it leaves victims with little choice but to pay up – unless they’ve been meticulous about backing up their data. Ransom amounts are accessible enough to make paying more attractive than hiring a data recovery specialist. Even some police departments attacked by ransomware have chosen to pay.
Ransomware is effective for several reasons. A user who suddenly sees a message such as, “Your computer has been infected with a virus. Click here to resolve the issue,” can easily fall prey to the bait. It’s the same reason phishing emails are so successful: Unless trained to spot phishes, users often let curiosity or fear guide their actions. So they’ll click on an infected attachment.
From the criminal’s perspective, ransomware is cheap and effective. You don’t need sophisticated hacking skills to download malware-as-a-service packages to craft your own attack on a group of users or an organization. For a few hundred dollars, your attack can generate tens or hundreds of thousands in digital extortion schemes.
So how can an enterprise protect itself from ransomware? The first step is user awareness, since it’s user action that typically leads to ransomware attacks. In the Ponemon study, 81 percent of respondents cited negligent and careless employees who don’t follow security policies as their biggest security challenge.
Behavior modification is essential to building defenses against ransomware and phishing. Without changing dangerous user habits, all other security measures are less effective. Homeland Security’s US-CERT recommends these measures:
- Back up your critical data. If attacked by ransomware, you can avoid paying ransom or losing data by recovering it from a backup.
- Allow only duly vetted applications to run on your network and block all others, which boosts the chances of blocking malware.
- Always keep operating systems and applications current, implementing patches as they are released. Patches often contain fixes to vulnerabilities that hackers are adept at exploiting.
- Update malware-detection software and scan all software downloaded from the Internet.
- Prohibit users from installing and running unapproved software.
- Disable macros from email attachments. Hackers often embed code in macros to deliver malware.
Companies should also invest in bandwidth and secure Internet connections as added protection. Poor connectivity may encourage users to find ways around the problem, such as using potentially infected flash drives to transfer files. Ransomware already poses serious risks to the enterprise. You can minimize those risks by taking proper precautions against malware.