Ransomware is no joke; you’d be fooling yourself to think it’s not a problem, and it’s only increasing in use and severity. It continues to be a huge issue for companies and has gotten a lot of play with cybercriminals who are looking for a low-risk/high-reward method to make a quick buck. A recent report found that ransomware attacks grew by 600% in 2016, which demonstrates the gravity of this attack method that prevents victims from accessing their own files or systems unless they pay a ransom. As organizations continue to comply with the attackers – dipping into their pockets and paying ransom demands – we can expect more cybercriminals to gravitate towards this malicious attack method, and we may start to see the concept of ransom being applied to other attack vectors as well.
A prankster’s dream: low consequences
Not only can ransomware be highly profitable, it’s also low risk. It’s an ideal situation for a cybercriminal. Historically, attackers would target high-value personally identifiable information (PII) – social security numbers, credit card information, health records, etc. – in the form of data theft. However, these methods typically leave behind a digital breadcrumb trail back to the hacker and require multiple steps, and often accomplices, to convert PII into cash, creating even more chances to get caught.
Ransomware attackers often demand payment in Bitcoin, an anonymous online payment system, which enables them to receive payments without leaving evidence of any self-identifying information. Since it’s all electronic, there’s no need to cash a check or transfer money to a personal account. All a hacker needs to do is find someone to successfully phish and it’s payday.
Joke’s on you! Ransomware isn’t just about the malware
As ransomware gains more favor with attackers, we expect to see a quantum shift in the kind of attacks that use the concept of ransom to pursue bigger and more high-risk targets. While the healthcare industry is being hit hard today, utilities, smart cities, and Internet of Things (IoT) devices are the ransom victims of tomorrow. We’ve already seen hackers lock hotel doors and refuse to unlock them until a ransom is paid. This is just the tip of the iceberg of what hackers can do.
While the ransom threat landscape is continuously changing, there are a few things an enterprise can do to prevent data loss:
- Regularly back up files to allow the organization to reimage an infected machine and restore a file system from backup, with little to no data loss.
- Keep security solutions as up-to-date as possible, ensuring the protection capabilities of firewalls, antivirus, and intrusion prevention systems are being used to their full capacity.
- Upgrade to a next-generation Endpoint Protection Platform to block malware.
While these are just a few ways an enterprise can protect itself, it’s also important to know how to detect ransomware once you’ve been hit. It’s critical to detect malicious code at the endpoint and block it with automated containment or malware removal. While no service is 100% effective at preventing ransomware on the endpoint, detection and containment are key to preventing malicious code from spreading to other devices. It’s also critical to actively monitor for Indicators of Compromise (IOC) and anomalous device behavior, both to detect potential ransomware that is not blocked at the endpoint and to detect other, non-malware-related attacks, and to perform automated response actions that contain the effects of a compromise.
MSSPs with MDR up your game
Using a managed security service provider (MSSP) that provides detection and response services, like Proficio, can help enterprises prepare for this new evolution in the concept of ransom. MSSPs monitor 24×7 and possess knowledge and collective, crowd-enabled experience that a typical in-house security team simply wouldn’t have. While in-house security teams may see a few ransomware attacks per year, MSSPs see hundreds of attacks per week on their customers’ systems. MSSPs therefore have a greater understanding of the different variants, simply because they deal with and remediate a larger volume of threats, and they are often able to catch an attack sooner because they know what to look for.
An MSSP will have more advanced analytics and up-to-date threat intelligence to prevent these attacks, or to detect and respond to them, at the perimeter or endpoint. They can engage company staff and implement training exercises, simulating phishing attacks through online training programs and arming enterprise employees with the knowledge they need to identify social engineering attempts.
Fooling the trickster
While ransomware is a powerful threat because of its high profitability and remarkable success rate, it doesn’t mean your organization should be defenseless. By understanding who hackers are going to target next, how the concept and applications of ransom are changing, and how an MSSP can be a strategic security partner, an enterprise can start to put the wheels in motion to prepare for the next generation of attacks. At the end of the day, knowledge, a well-maintained security policy, and a response plan can be key to evading a ransomware trickster.