Enterprise Strategy Group Founder and Senior Analyst Steve Duplessie recently made this sobering statement:
“Ransomware is dramatically raising the stakes when it comes to cyber security. We’re moving from theft, which is costly, to potential catastrophe. There are forces at play now that aren’t satisfied with just stealing your money, they want to destroy your entity. You can either start taking these threats seriously, or start looking for a hole to crawl into. Ignorance is no longer bliss.”
Security experts and law enforcement officials agree that ransomware is the most serious security threat organizations face today. In fact, ransomware attacks have reached epidemic proportions, with organizations of all sizes in a wide range of industries affected.
Ransomware is a high-tech take on the age-old art of the shakedown. Malware uses strong encryption to “lock” all the files on the victim’s computer — and any attached network drives or file systems. Unless detected and stopped, the malware can spread quickly throughout an organization, rendering critical data useless. Once the malware has done its job, the cybercriminals behind the attack display a message demanding money in exchange for the decryption key needed to unlock the files.
The scheme has been so successful that it has expanded rapidly from limited, small-time attacks to large-scale criminal operations. The healthcare sector has been a frequent target of attacks, with several large hospitals virtually shut down by ransomware in the past year. However, industries ranging from retail to manufacturing to financial services have fallen victim to ransomware attacks.
According to the U.S. Computer Emergency Readiness Team (CERT), there has been a proliferation of ransomware variants as well as an increase in the number of attacks. By some accounts, there are now more than 120 separate families of the malware. Infoblox reported a startling 3,500 percent increase in ransomware domains in the first quarter of 2016 compared to the last quarter of 2015.
The malware is typically distributed via phishing emails with malicious links or attachments, although there have been reports of malicious code on legitimate websites. End-users should be warned of the threat and reminded not to open any email attachments or click any links unless they are confident the source is legitimate. To contain the threat, file systems should be configured for read-only access wherever possible.
Odds are high that your organization will suffer a ransomware attack despite these efforts. Law enforcement officials advise organizations not to pay the ransom — it only perpetuates the problem and funds other criminal activities. There’s also no guarantee that you’ll obtain the encryption key. Your best hedge against an attack is to continuously back up data, keeping in mind that your backups need to be protected. Either keep the backup system offline between backups, or limit write access to the backup files. There are also solutions that can roll back to a specific point in time or file version should data become corrupted.
Finally, it’s important to have an incident response plan in place so that you can recover as quickly as possible and take steps to identify the source of attack. Technologent’s security team can help you mitigate the risk of ransomware and minimize the impact should an attack occur.
December 5, 2016