From hospitals and government agencies, to enterprise organizations and everyday business owners, to private citizens— it seemed like no one was immune from ransomware in 2016. As we are now well into 2017, we’re continuing to see alarming rates of ransomware attacks that encrypt data or lock digital files until a ransom is paid.
Ransomware isn't new; the concept has existed for over 20 years. What has changed is its frequency and sophistication. According to the FBI, law enforcement has seen a sharp rise in ransomware since 2015, with attackers increasingly targeting enterprise organizations that can be extorted for larger ransoms. Even when organizations pay, they do not always recover all of their data.
The loss of access to critical data leaves victims with two choices: pay the ransom or face massive disruption. These attacks keep succeeding because enough victims pay. Even organizations that keep continuous backups and refuse to pay take a hit to their reputation, may lose the data created since the last good backup, and face business-continuity disruption while they restore their systems.
The Face of Ransomware
Ransomware is a prolific form of malware, and it is becoming more sophisticated. The days of a simple spam campaign are gone: spear phishing, malvertising and social engineering are now fooling end users. Among the more notorious ransomware families:
- Reveton: Active since 2012, Reveton masquerades as a law enforcement warning about illegal online activity and uses scare tactics to extort a "fine" from the victim. Unlike the file-encrypting families below, it locks the screen rather than encrypting files.
- CryptoLocker: Spread through the Gameover ZeuS botnet, CryptoLocker infected around 150,000 computers a month at its peak. The malware itself is easy to remove, but that does not help: the victim's files remain encrypted with a key that only the attackers hold.
- CryptoWall: This variant illustrates the trend toward sophistication. Similar to CryptoLocker in effect, CryptoWall is disseminated through multiple infection vectors, including browser exploit kits, malicious email attachments and drive-by downloads.
- CTB Locker: The name stands for Curve-Tor-Bitcoin. It uses elliptic-curve cryptography (not RSA) to protect the per-victim key that encrypts the files, communicates with its operators over Tor and demands payment in Bitcoin.
- TorrentLocker: This file-encrypting ransomware relies almost entirely on spam email for distribution. Unlike typical spam campaigns, its operators pay attention to grammar so the lures look authentic. Once it is running, it harvests email addresses from the victim's machine to spread itself further.
- TeslaCrypt: Initially delivered through exploit kits abusing Adobe Flash vulnerabilities, TeslaCrypt first targeted online gamers by encrypting game save files and profiles, then moved on to larger targets, including several high-profile European companies.
- Locky: The newest family on this list, Locky has made a lot of noise recently. It demands payment in bitcoin, and a Hollywood hospital recently paid around $17,000 to recover from it.
Don’t Fall Victim to Ransomware Attacks
To protect your organization and its business continuity, the FBI suggests the following:
- Focus on Prevention
  - Educate employees on ransomware types and tactics.
  - Reduce vulnerabilities through timely patching and software updates.
  - Set up automatic updates and regular scans for antivirus and anti-malware solutions.
  - Employ least privilege and keep administrative access to the bare minimum; ransomware runs with the rights of the user who launched it.
  - Configure access controls, including file, directory and network share permissions. Read-only access should be the default, with write privileges granted sparingly, so a single infected workstation cannot encrypt every share it can see.
  - Disable macro scripts in Office files transmitted over email.
  - Implement policies that block programs from executing from common ransomware locations, such as the temporary folders used by browsers and compression tools and the AppData/LocalAppData folders.
- Steps for Business Continuity
  - Back up files continuously and regularly check the integrity of those backups, so you find out that a backup is corrupt or already encrypted before you need it for recovery.
  - Secure backups by ensuring they are not connected to the computers and networks they replicate; ransomware will encrypt any mapped drive or reachable share it can write to.
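The "check the integrity of backups" step above is the one most often skipped, so here is a concrete way to do it. This is an added example, not code from the original post or from the FBI guidance: it records a SHA-256 manifest of a backup set and later verifies a copy against that manifest, reporting files that were modified, removed or added. The `demo()` function builds a small constructed backup set in a temporary directory and simulates ransomware reaching the backup (one file overwritten with random bytes as a stand-in for ciphertext, another renamed with a `.locky`-style extension); the file names and contents are made up for illustration.

```python
"""Backup integrity check: record a SHA-256 manifest of a backup set, then
verify a later copy against it so that tampered, encrypted or missing files
are found before you rely on that backup for recovery.

Added example, not code from the original post. File names, contents and
the simulated tampering in demo() are constructed for illustration.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large backup images never load fully into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root: Path) -> dict:
    """Map each file's path (relative to the backup root) to its SHA-256 hex digest."""
    return {
        str(path.relative_to(backup_root)): sha256_of(path)
        for path in sorted(backup_root.rglob("*"))
        if path.is_file()
    }


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare the backup set on disk with a manifest recorded earlier.

    The manifest must live somewhere the backup host and the protected
    systems cannot write to (offline media, a separate read-only store);
    if ransomware can reach the manifest it can simply re-hash the damage.
    """
    current = build_manifest(backup_root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    unexpected = sorted(p for p in current if p not in manifest)
    return {
        "ok": not (modified or missing or unexpected),
        "modified": modified,      # same path, different content (e.g. encrypted in place)
        "missing": missing,        # recorded file no longer present
        "unexpected": unexpected,  # new file, e.g. a renamed ciphertext or a ransom note
    }


def demo() -> dict:
    """Build a constructed backup set, record its manifest, simulate ransomware
    touching the backup, and return the verification result."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "ledger.xlsx").write_bytes(b"constructed sample ledger")
        (root / "notes.txt").write_bytes(b"constructed sample notes")
        manifest = build_manifest(root)

        # An untouched copy must verify cleanly.
        if not verify_backup(root, manifest)["ok"]:
            raise RuntimeError("clean backup failed to verify")

        # Simulated ransomware: overwrite one file with random bytes (stand-in
        # for ciphertext) and rename another with a ransom extension.
        (root / "notes.txt").write_bytes(os.urandom(64))
        (root / "finance" / "ledger.xlsx").rename(root / "finance" / "ledger.xlsx.locky")

        return verify_backup(root, manifest)


if __name__ == "__main__":
    result = demo()
    print("backup intact" if result["ok"] else f"backup compromised: {result}")
```

Run it on a real backup by calling `build_manifest()` right after the backup job completes, storing the returned dict (as JSON, for example) on media the backup host cannot write to, and calling `verify_backup()` against that stored manifest on a schedule and before any restore. A verification that reports `modified` or `unexpected` entries ending in an unfamiliar extension is a strong sign the ransomware reached the backup itself, which is exactly the case the "keep backups disconnected" step is meant to prevent.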
When the FBI gets involved, you know that it’s a big threat to security. Ransomware is gaining attention and rightfully so. With the predicted growth, you don’t want to be caught off guard without the right plan and security policies.
According to FBI Cyber Division Assistant Director James Trainor, “There’s no one method or tool that will completely protect you or your organization from a ransomware attack. But contingency and remediation planning are crucial to business recovery and continuity—and these plans should be tested regularly.”
Not sure where to start securing your organization? We’re here to help. Contact us to discuss the risks with one of our security experts. They can guide you in assessing your risks and creating a plan to stay ahead of them, before it’s too late.