Ransomware Has Become One of 2016’s Top Digital Dangers
Ransomware is an increasingly prevalent threat. It affected nearly half of businesses in 2016 and is considered one of the top digital dangers to large companies this year; it has replaced advanced persistent threat (APT) network attacks as the most problematic cyber threat.
The FBI indicates that ransomware was responsible for losses of $209 million in the first three months of 2016, compared with $24 million for all of 2015.
The value of personal information gathered from cyberattacks is plummeting as the black market is flooded with stolen records. Even the value of stolen health care records is down fifty to sixty percent from last year. In contrast, the price per ransom has increased.
Emboldened by success, criminals are developing new technologies and attacking smart homes, connected cars and the healthcare industry.
It has never been easier to profit from ransomware; it has a low level of risk and a high return on investment.
In a recent ransomware attack on the San Francisco Rail System, the hacker claimed he had compromised thousands of computers at the SFMTA. The files encrypted by his ransomware, he said, could only be decrypted with a special digital key, and that key would cost 100 Bitcoins, equivalent to USD $73,000.
The data leaked from the SFMTA shows how lucrative this ransomware attack could have been if the organization hadn’t been prepared. According to the FBI, cybercriminals collected $209 million in the first three months of 2016. One example is a South Carolina school district that paid an estimated $10,000 when cybercriminals locked up its computer servers. The SFMTA, for its part, said it never considered paying the ransom; it had a team ready to restore the system using backups of most affected computers.
As this experience shows, having appropriate and regular backups of the organization’s data can mitigate the impact of ransomware attacks. But unsecured backups can likewise be encrypted by ransomware, so it’s important to ensure backups are not connected to the computers and networks they are backing up. Businesses can secure backups in the cloud or physically store them offline. Nonetheless, ransomware can also affect cloud-based backups when systems back up in real time.
This backup approach is precisely what the FBI has been asking businesses to adopt for years: back up the data, verify the integrity of those backups, and ensure the files aren’t exposed to ransomware.
The FBI recommends users consider implementing the following prevention and continuity measures to lessen the risk of a successful ransomware attack:
- Regularly back up data and verify the integrity of those backups. Backups are critical in ransomware incidents; if you are infected, backups may be the best way to recover your critical data.
- Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might include securing backups in the cloud or physically storing them offline. Note that some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real time, also known as persistent synchronization.
- Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.
- Only download software – especially free software – from sites you know and trust. When possible, verify the integrity of the software through a digital signature prior to execution.
- Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
- Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
- Disable macro scripts from files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office Suite applications.
- Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.
It’s clear that the prevalence of ransomware will continue to increase, but according to a McAfee report, there are a number of initiatives trying to slow down attacks. However, there is no “silver bullet” for solving the ransomware epidemic. Businesses need to carefully evaluate their areas of risk and make smart security investments to manage their exposure.
Did you know that October is National Cyber Security Awareness Month (NCSAM)? In October, Advoqt joins the nation in its annual campaign to raise awareness of the importance of cybersecurity. NCSAM was developed with the purpose of engaging and educating the public and private sector about the importance of cybersecurity. Advoqt is proud to support this effort by providing tips for how to stay safe online and increase the resiliency of your organization in the event of a cyberattack.