Ransomware is malicious software that encrypts or locks access to your data. The victim is then told to pay a ransom in order to regain access to this data. Ransomware is mostly delivered via Phishing emails, which are emails disguised as originating from a trustworthy source (bank, delivery company, co-worker , friend) requesting that the victim click on a link or email attachment. Doing so then launches the malicious software.
While ransomware-like software has been around for almost 30 years, it has more recently become a serious public menace. The term “ransomware” was even added to the Merriam-Webster dictionary in September.
During a six-week period in May and June of this year, the effects of ransomware became glaringly apparent. The WannaCry attack affected hundreds of thousands of systems globally. Then, weeks later another attack, NotPetya, reached epidemic proportions, wiping data from infected computers.
While the WannaCry and NotPetya attacks are considered to have been launched by military cyber warfare divisions, we have also seen the rise of Ransomware-as-a-Service. This allows amateurs with little to no coding ability, to simply purchase “kits” on the dark web, including easy how-to videos. They then launch attacks and generally pay a percentage of their ransom earnings to the kit suppliers. Creators of ransomware code are not only making money by extorting their victims, but also by selling these kits and earning a “commission”.
Experts predict there will be a trend in 2018 towards targeting non-Windows operating systems including MacOS , Linux distro and Android. Most often targeted by cyber criminals is the healthcare industry. This is because they are the most likely to pay ransoms. Also more likely to pay are critical infrastructure, education and small businesses.
It should be noted that ransomware can be accompanied by other malicious activity. While dealing with the effects of the resulting data encryption and whether to pay the ransom, other activity may be going on behind the scenes. The cyber thief may be infiltrating other computers on your network, stealing data, transferring funds etc. The ransomware infection could be the least of your problems. They could be lingering on your network even after the ransomware infection has been dealt with, and for that matter, may have been stealing information from your network before they launched the ransomware attack.
Besides encrypting files, some attackers threat to expose sensitive information to a victim’s contacts or to the public as “encouragement” to pay the ransom. These types of threats can’t be resolved by restoring backed up files as in the case of file encryption. If confidential, compromising or problematic information is about to be exposed, the victim is going to have a strong tendency to pay the ransom.
How can organizations best protect themselves against ransomware? Experts agree that the best defense is trained employees. A systematic method of training and even testing your people on a regular basis will help keep them alert to potential threats. In addition to training, it is critical that computer networks be monitored on an ongoing basis, to detect unusual activity, which would indicate if a cyber criminal has gained access and is indeed lurking on your network, so action can be taken as quickly as possible to block their activity.
BSC Solutions Group offers an award-winning IT security awareness testing and training service, with quarterly testing campaigns plus engaging on-line, on-demand training videos. In addition, our Security Guardian Service, provides ongoing security monitoring, alerting and reporting. Call us today for more details.