Ever since computers became vital business tools, organisations have faced a constant battle when it comes to IT security. Viruses, worms and other malware types have caused increasing disruption and losses as their sophistication and capabilities have risen.
Fast forward to 2017, and one of the most feared types of cyber attack is ransomware. Designed to extort money from a victim, it has the potential to disrupt operations and cause massive financial losses.
According to a survey by US-based Osterman Research of companies in the United States, Canada, Germany and the United Kingdom, 73% of those surveyed admitted they had fallen victim to a cyber attack during the previous 12 months. Alarmingly, 39% of respondents confirmed they had been the victim of a ransomware attack in the same period.
The rise of ransomware
Designed to achieve financial gain for criminals, ransomware attacks involve malicious code that infiltrates a victim’s computer or a company’s IT infrastructure where it quickly encrypts stored data. The first a victim knows an attack has taken place is when a message appears demanding a ransom payment in exchange for the decryption code.
Ransomware can be delivered in a number of different ways. Email attachments and infected websites are some examples, as are exploit kits and even inserting an infected USB drive into a PC. Some users fall victim as a result of a phishing attack where an email message looks to have come from a legitimate source but has in fact come from a criminal. Opening an attachment to the email or clicking on a web link within it is all it takes to launch the attack.
Industry research shows the sectors most heavily targeted by ransomware criminals are healthcare and financial services. Both rely on sensitive customer data and stand to suffer severe losses should those data stores become inoperable.
According to research, around 40% of ransomware victims opt to pay the ransom and thus overcome the problem. Of those who don’t, it can take anywhere from 25 to more than 100 hours of work to restore systems and make the IT infrastructure operational once more.
Another interesting trend has been dubbed ‘ransomware as a service’. This involves criminals who want to use the technique but don’t have the technical skills to write their own code. Instead, they turn to code writers and purchase the right to use their tools. Each can be personalised for the attacker and include their particular demand and required method of payment.
Securing against the threat
There’s little chance the threat of ransomware will decline any time soon. As a result, organisations need to ensure they are taking the steps necessary to keep their IT infrastructures as secure as possible. Some of the key areas to address include:
- Email monitoring: A high proportion of ransomware attacks enter target organisations via email. It’s vital to have scanning tools in place that can examine attachments and web links to ensure they pose no security threat.
- Limit admin rights: The number of people within an organisation who have administrator rights should be strictly limited. An infected computer with admin rights will allow an attacker to readily access other parts of the infrastructure. Removing admin rights will reduce the likelihood of this occurring.
- Undertake staff training: It’s important to ensure all staff are aware of the threat posed by ransomware. They should also know what steps they need to take to reduce the chance of attack. Being aware of phishing scams and the dangers of suspicious attachments is a good place to start.
- Compliance is the baseline: Many organisations believe that, if their security meets standards for regulatory compliance, their work is done. Rather, compliance standards should only be regarded as a starting point, and augmented with further tools and protective layers.
- Consider cyber insurance: The cost of dealing with the aftermath of an attack can be significant. Increasing numbers of organisations are opting to take out insurance policies to guard against the risk. For some smaller organisations without such protection, an attack could be so costly it puts them out of business.
- Deploy Virtual Desktop Infrastructure (VDI): VDI can strengthen security when it comes to remote access of centralised resources. It can reduce the likelihood of a successful attack by ensuring all resources remain protected at the centre of the infrastructure.
Finally, regular backups should be on every organisation’s and individual’s action list to ensure as a tight a security posture as possible.
Constant vigilance
Because the malware space, and ransomware in particular, is evolving at an ever-increasing rate, security cannot be a set-and-forget item for any organisation. It is important that all protective layers are assessed regularly to determine that they are able to provide the level of security that is required.
Today, more and more companies are indeed utilising anti-ransomware technology to protect systems from zero hour ransomware. However, by putting in place tools, monitoring their performance, and constantly evaluating the threat landscape, organisations can be best placed to ensure their operations do not fall victim to a ransomware attack.
About the author
Jim Cook is the ANZ Regional Director of Malwarebytes, an anti-malware software company