Are You Unknowingly Susceptible To A Ransomware Nightmare?
April 14th, 2017 by admin
It’s a seemingly normal day; you’re putting the finishing touches on a big new business presentation when you are interrupted by a bizarre, ominous-looking message frozen on your laptop: your documents, photos, databases, and other important files have been encrypted. You look around and realize it’s not just you; it’s on every computer screen in the company. Your organization’s information is being held hostage by cybercriminals, and it will be forced to comply or lose all data.
It may sound like something out of a science fiction movie, but ransomware is a very real thing impacting businesses of every size and industry, from financial companies to hospitals, public schools, even moms and pops. In this attack, thieves encrypt the victim’s files, holding them, the decryption keys and the business hostage until the ransom is paid, or not. Most often the attack is executed unwittingly when an employee is deceived into opening an email attachment or clicking on a link. And organizations don’t know it is happening until it is too late.
Though it has been around for decades, ransomware has grown most rapidly in the past few years, with the introduction of bitcoin letting criminals collect anonymous payments and maintain ambiguity online. 56,000 ransomware infections occurred in March 2016 alone [1], and 39 percent of organizations surveyed had suffered at least one attack in the past year, says a June 2016 survey from Osterman Research [2]. Malware programs are openly accessible to anyone on the “dark web,” where thieves can easily purchase and download the software for criminal activity. This has prompted a 600% growth in new ransomware families in the first quarter of 2016 since December 2015 [3] to address ‘demand’. While thieves stand to profit heavily and rarely get caught, business operations cling to life in the background.
The FBI estimates ransomware at a $1 billion revenue stream for criminals in 2016, with $209 million paid to them in the first three months of that year alone; as just one example, a South Carolina school district paid $10,000 to get its files back [4]. We have known companies with fewer than 50 employees being asked for $15,000, and Hollywood Presbyterian Medical Center was extorted $17,000 last February [5]. But paying up does not guarantee the data’s return, and having been hacked once can leave businesses even more vulnerable in the future.
What can organizations do to begin to minimize this cyber-attack? Following are four key information security aspects of ransomware of which every company should be aware.
Your Employees May Unknowingly Be The Biggest Risk
From clicking on suspicious links, to plugging a ‘free’ thumb drive into a laptop or downloading unauthorized apps, one employee can unsuspectingly put an entire business in jeopardy. Email is the #1 delivery mechanism for ransomware, with infections starting via attachments or links, says Osterman [6]. In particular, spear phishing tactics pose the biggest threat. This scheme takes phishing to new levels, with messages appearing to come from someone in the company or another known, trusted source, such as an industry trade show, to obtain confidential information and infiltrate the network.
Though not as common, watering hole attacks encourage people to download a ‘free, useful app’ to which ransomware has been attached. Even common apps can be hacked, and others might include ‘too good to be true’ offers: “Is your computer running slow? We can speed it up. Download here!”
The biggest IT security challenge may be educating employees not to click, and instead to be aware of unexpected requests that could hurt the company. Organizations like PhishMe purposely create white hat spear phishing campaigns to lure employees to click. When they do, they are alerted that they have fallen into the trap and are required to take an online course to prevent it in the future.
Technology To Empower Your Business Is Making It Worse
The same apps, mobile technology and digital communications required to compete can also make businesses more susceptible. As phone systems become more collaborative with unified communications (UC) and the ability to send chat messages, participate in 1-to-1 video and share screen access, security grows even more important, and some advanced UC providers are starting to include these measures. Similarly, iPhones and other mobile devices, though not as likely targets, also pose threats. In November of last year, hackers gained access to over a million Google accounts through illegitimate apps infecting Android phones [7].
A remote employee working on his or her home network with a personal laptop that has recently been hacked may not know it initially. Unless the business has threat visibility technology to identify what is actually inside the network, the virus could attack the system, elevate privileges, gain administrative credentials and then spread to the company network.
Security Needs To Be A Priority
If you are like most organizations, you know security is important, even critical, but it is often relegated lower on the list given a growing number of priorities and, sometimes, a false sense of protection because the business has some security in place. Ransomware is a true threat that does not discriminate, and companies of all sizes need to be vigilant. Smaller companies without a full-time IT manager on staff may be just as vulnerable as larger businesses with a dedicated senior information security officer (SISO) reporting to the CEO, given the potential for ransom, damage to the business and what the company can afford to pay. Unfortunately, it is often not until something bad happens that security becomes the #1 priority, and then it is too late.
Track & Control Sensitive Data
On top of ransomware, thieves have an arsenal of weapons for attack and can change fingerprints and signatures so quickly that most businesses are behind the eight ball. Up until the past year, just about every company was focused on protecting the perimeter and setting up firewalls. Now the elephant in the room is that perimeter protection is not 100%, and while you need to have this proverbial fence around your house, businesses also need to prepare for perpetrators trying to leverage numerous other intrusions, malware/botnets, proxy and malicious applications.
Businesses need a comprehensive strategy that includes next generation firewalls, antivirus and endpoint security, encryption, solid password processes, an off-site backup system and threat visibility, such as big data anomaly detection, to know exactly what’s inside their network. Yet 63% of businesses don't have a ‘fully mature’ method to track and control sensitive data [8]. Many organizations are upping their game with technologies that leverage artificial intelligence to identify threats, and some are trapping and deceiving thieves with hidden ‘honeypots’ in their infrastructure to fight back. They are also looking to collaborative technologies that already incorporate security features, such as ShoreTel’s new Connect unified communications system, which automatically encrypts video web meetings, voice and email communications.
How can you protect your organization from ransomware? Take 5 minutes to watch these quick videos to learn how and discover how you can get a free security assessment.
- An ISTR Special Report: Ransomware and Businesses 2016, Symantec
- Understanding the Depth of the Global Ransomware Problem, Osterman Research, August 2016
- Quarterly Threat Summary, Proofpoint, April-June 2016
- Cyber-extortion losses skyrocket, says FBI, CNN Tech, David Fitzpatrick and Drew Griffin, April 15, 2016
- Hollywood hospital pays $17,000 in bitcoin to hackers; FBI investigating, Los Angeles Times, Richard Winston, February 16, 2017
- Understanding the Depth of the Global Ransomware Problem, Osterman Research, August 2016
- Nearly one million Android phones infected by hackers, Jose Pagliery, November 30, 2016
- 2014 State of Risk Report, Trustwave