August 2017 Issue
Since 2012, ransomware has emerged as the one of the most widespread and potent forms of cyber attack companies can face. It has quickly usurped other forms of cyber crime, becoming the fastest growing cause of data security incidents worldwide.
Ransomware attacks, such as the ‘WannaCry’ virus which hit organisations the world over in May, encrypt an organisation’s data and demand payment within a certain timeframe or the data will be deleted. However, in some attacks, there is still a chance that victims will be unable to retrieve their files, even if payment is made.
Though many companies were able to patch their cyber defences following the WannaCry attack, not all were successful. In late June, businesses and government agencies around the globe were hit with a variation of the Petya ransomware, which demanded $300 in bitcoin before victims could regain access to encrypted files. Petya included code known as 'Eternal Blue', which cyber security experts believe was stolen from the US National Security Agency in April and was also used in WannaCry. It is this code which allowed the malware to spread so rapidly.
Furthermore, ransomware attackers do not discriminate in their targets. Businesses, hospitals and schools, among others, frequently fall victim to attack. The attack vectors used by cyber criminals are continuing to change, becoming more sophisticated. Ransomware-as-a-service (RAAS) type attacks such as ‘Spora’ are emerging as the next stage of evolution.
Indeed, in 2016, Janus Cybercrime Solutions, the reported author of Petya, apparently launched a ‘darknet’ RAAS website which offered criminals access to a sophisticated ransomware-distribution platform. Users, in exchange for a nominal registration fee, gained access to the platform which allowed customers to track infection rates via a web interface. They could also adjust ransom amounts depending on the target. Janus operated as a ‘professional cybercriminal’ organisation, even offering technical support, mitigating bug reports and fielding requests for new features to its beta platform. This increased sophistication and commercialisation among cyber criminals is a clear cause for concern.
According to SonicWall there were 638 million ransomware attacks in 2016, 167 times more than in 2015, which saw 3.8 million. The recent wave of attacks could be a catalyst for change, highlighting deficiencies within corporate cyber defences. As ransomware attacks continue to become more widespread – and effective – companies will have no choice but to become more resilient or suffer the consequences. How, then, can they respond?
Proactive prevention
As with all issues pertaining to cyber security, organisations must have sufficient preventative measures to protect their data. Company leaders cannot afford to bury their heads in the sand when it comes to cyber protection and dealing with ransomware attacks. While it can be expensive and time consuming for companies to reinforce defences, these costs may pale into insignificance compared to the financial and reputational damage of a successful attack. Furthermore, there is no room for complacency. Many organisations think ‘an attack could not happen to us’, however, statistically, it probably will in the future, if it has not happened already. Preparing for the worst is a prudent move.
An important step that companies can take is to ensure that all possible security updates are installed. Network vulnerabilities present low hanging fruit for cyber criminals. Ransomware often thrives in older systems where vulnerabilities are more likely to be found. The NHS in the UK, on the whole, uses some outdated machines and was heavily affected by WannaCry. According to Osterman Research Inc, 85 percent of ransomware infections originate from PC and mobile devices.
Companies must also have secure, offline backups of all of their data. Secure backups, whether on external physical hard drives or located with secure cloud-computing service providers, can greatly reduce the threat posed by ransomware. Backups allow companies to erase data from the infected computers and restore systems following a ransomware demand. However, this does not completely solve the problem for companies that fall victim to an emerging trend in ransomware attacks – ‘doxxing’ – as they will have their private or identifying information released publicly if payment is not made within a certain time frame.
Companies must also educate their staff about the dangers of cyber attacks and ransomware in particular. Employees should be on the lookout for malicious links and emails that may contain viruses. The vast majority of ransomware attacks occur when an employee clicks on a link, opens an infected attachment or visits a compromised website. For all companies, employees should be the vanguard of cyber defences. Training programmes highlighting the threat of phishing and malware must be a priority.
Employees should also be reminded to regularly update software on their mobile and other devices. While all software should be kept up to date, antivirus software is especially important.
Cyber attacks of all varieties are now a part of modern business, if not modern life. Companies must be prepared for an attack at any time. Part of that preparedness hinges on knowing what to do in the event that a breach has occurred. For companies affected by a ransomware attack, it is important to implement a cyber incident response plan that enables them to minimise business disruption and returns them to full business operation as soon as possible.
© Financier Worldwide
BY
Richard Summerfield