Ransomware: Too Profitable to Go Away

By Charles Cooper

If enterprises needed another reminder to protect themselves against ransomware, this spring’s WannaCry outbreak ought to have served as their proverbial wake-up call. WannaCry was a global coordinated ransomware attack against tens of thousands of private and public sector organizations around the globe. It overwhelmed defenses with a zero-day vulnerability stolen from the NSA.

Meanwhile, the number of organizations victimized by ransomware tripled between the first and third quarters of 2016 alone, with attackers holding their victims’ data hostage in return for payment.

All this has taken place within a relatively short time. The first wave of modern ransomware started in the middle of the last decade in Russia with the appearance of GPCode (also called PGPCoder), a Trojan that dropped a text file demanding payment into infected files. New strains of ransomware soon migrated west across Europe and then throughout the rest of the world.

Starting in 2015, the focus shifted as ransomware attackers concentrated on business targets, rather than individuals. Last year was a breakout year for ransomware heists as attackers raked in an estimated $1 billion from victim organizations.

The most common type of ransomware used nowadays is called crypto-ransomware, which seeks to encrypt personal data and files. The other type — known as locker ransomware — locks up the victim’s computer entirely.

A vivid example of the havoc ransomware can wreak came in February 2016 when attackers seized control of the computer network at Hollywood Presbyterian Medical Center, in Los Angeles. The malware prevented employees from accessing any medical records stored electronically. Administrators eventually complied with the demands and paid a ransom of about $17,000 in bitcoins in order to regain access to the hospital’s computer systems.

It was a victory for the bad guys but hardly an exception.
Although law enforcement authorities argue against paying ransom, as many as two-thirds of ransomware victims are believed to comply with the demands of their attackers.

Blocking and Tackling

The average ransomware attack last year netted $1,077, a 266 percent increase from 2015. Meanwhile, security experts expect further attacks given the proliferation of underground forums where criminals can buy easy-to-deploy ransomware toolkits.

If your company depends on uninterrupted access to critical data, the onus falls on you to take preventive measures and block ransomware threats before they paralyze the organization.

This is largely a matter of basic blocking and tackling. Defending against exploit-based infection scenarios involves a multilayered defense strategy with web and email filtering solutions and intrusion prevention systems that mitigate the threat of ransomware-laden emails.

No software is bulletproof. Unfortunately, many organizations still fail to patch their software with regular maintenance updates. The justifications vary, but negligence gives cybercriminals the incentive to continue to launch ransomware attacks. In addition to patching regularly, administrators can whitelist their software applications to help prevent their users’ computers from installing anything that’s not approved by IT.

Also, it’s smart to make regular backups a part of any disaster recovery plan before the next ransomware attack comes. In fact, NIST recommends adopting a regimented backup schedule and then making redundant copies of backups stored in different physical and offline locations. That way there’s no connection for the ransomware to reach any backup data.

Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.