From email to blackmail
Added Wednesday 12 October 2016
There is no escaping the fact that ransomware is on the rise. It dominates the news headlines and according to a recent BBC report, there are now more than 120 separate families of ransomware, with researchers seeing a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns.
But what does the rise of ransomware mean for business today? Does it pose a real risk to organisations, or is it simply a case of 'media hype'?
Ransomware attackers are beginning to go after larger organisations, having refined their techniques by targeting individuals and smaller operations. The bigger the target, the more financially lucrative it is, so whilst the number and variety of attacks are increasing, more and more critical systems are also being hit.
Ransomware: A silver lining
Contrary to belief in some quarters, ransomware is not simply a distraction from bigger issues facing the security industry. Instead, it should be viewed as a wake-up call: if organisations are getting infected by ransomware, which isn't generally a very sophisticated means of attack, then they will undoubtedly be vulnerable to attacks from elsewhere too.
Thanks to extensive media coverage, ransomware is also helping to raise awareness of security issues amongst senior executives and board members. Having seen in the news what can happen when an organisation suddenly can't access its data, they are becoming more proactive and supportive in working with IT to address wider security issues.
How can I protect against Ransomware?
Whilst there are specific solutions available to protect against ransomware, it's generally best to take a more unified approach to your security strategy rather than adding in separate solutions to address separate threats. Traditional security approaches such as firewalls or anti-virus solutions will not be sufficient and organisations need to take a layered approach - investing in new technology and improving their security processes at the same time.
1. Focus on the endpoint:
Devices that leave the network need to be self-protecting, so endpoint protection software needs to be kept up-to-date and remain turned on within individuals' security settings. New technologies are available that can be layered on top of your existing endpoint protection solution - taking a different and complementary approach through the use of machine learning, algorithms or behavioural detection techniques.
2. Focus on email and web gateways:
These gateways represent two key points of infection: a lot of ransomware begins with phishing attacks through email, while most of the executable ransomware that actually completes the task comes from the internet. Consider opportunities for cloud-based secure web gateways that can follow your users wherever they go. That way, even if they're working from home, they'll still get the same level of protection from ransomware.
How will ransomware evolve?
The BBC report acknowledged that the spread of ransomware is being aided by tricks cyber-thieves use to avoid being detected by traditional security software. According to the report, a lot of ransomware reaches victims via spear-phishing campaigns or booby-trapped adverts, but other gangs use specialised "crypters" and "packers" that make files look benign. Others rely on inserting malware into working memory so it never reaches the parts of a computer on which most security software is focused.
According to the 2016 Security Roundup Report from Trend Micro, there's also been a significant rise in the number of attacks launched against specific business-critical processes, such as SAP or Oracle systems. These attacks will be harder for organisations to recover from, as it won't simply be a case of restoring the data.
Yet another wave of attacks is expected to target IoT devices. A recent blog by Ben Dickson, founder of TechTalks, explored this potential threat in detail. Essentially, although IoT devices store little or no data, they increasingly drive critical systems such as drug infusion pumps, pacemakers, power grids and water pumping stations, which means that the impact of losing access to them is instant and significant. From an attacker's point of view, this makes IoT devices a particularly appealing and potentially lucrative target.
Any size of business in any industry is a potential target, so ransomware isn't something you can afford to ignore. IBM have produced an infographic and Response Guide to help organisations develop a best practice approach and protect themselves against ransomware attacks.