Don’t Be Held to Ransom

Karl McDermott
On: 22 Apr 2016
Share this post

It may not be the newest security threat on the block but ransomware is certainly reasserting its presence.

Ransomware is definitely on the rise and businesses of all types and sizes need to be aware of the risks it poses and how to mitigate them. We’ve all received those spurious emails attempting to convince us to click on an attachment or link. Whether a fake retail order, business invoice or something else, the purpose is to deliver ransomware onto your computer system and disable access until you pay up. Essentially, once on your computer system, ransomware encrypts all your data, making it immediately inaccessible. The user is targeted to pay a ransom if they want the decryption key. Once infected it is very hard to reverse the process without putting your hand in your pocket.

After it first hit the security scene in the late 1980s, ransomware remained a fairly dormant threat. But in 2013 it came into the spotlight when the CryptoLocker trojan was launched onto the internet and propagated computer systems via infected email attachments. At its peak around October 2013, it was infecting 150,000 computers each month.

Experts say ransomware will grow exponentially in 2016 and take new forms. The big recent change is the way it works; in particular, the fact that new breeds are being developed that don’t require user intervention such as clicking on an executable link. `Samsam‘ for instance seeks out un-patched vulnerabilities in corporate systems. It was responsible for major attacks on a number of US hospitals, where encrypted files could have potentially caused life threatening damage, not just financial pain. One hospital is reported to have paid $18,500 to have their data released.

So why has this security threat suddenly come to the fore again? Put simply, as a society we have become so reliant on digital information that when our access to it is cut off we panic. Cybercriminals using ransomware are preying on that panic to make money and no business or individual is immune.

Digital technology is also creating a `perfect storm’ for ransomware. Highly engaging and `clickable’ video advertising for example, has become the latest means of getting users to launch ransomware trojans. Equally, the use of smart devices for combined personal and business needs is massively increasing the volume of network endpoints where there is a high risk of ransomware being launched. Online ads, in-app ads, people skimming through emails and so on, all mean less thought is being applied to questions like `who is this from?’ or `is it right I am being asked for this information?’ Even digital currencies such as Bitcoin are making it easier and simpler for ransomware attackers to `transact’ with their `customers’ online.

Just like with any security threat, keeping vigilant at all times is critical and that’s in both a technology and people sense. In technology terms, businesses should ensure their data is regularly backed up so they have a copy that is not directly connected to their computer or network. They should also ensure they have multi-tier security protection in place including firewall, AV, anti-malware etc. Keeping on top of software updates and security patches is growing in importance too, to avoid ransomware attacks that specifically prey on these system vulnerabilities. Making sure to monitor and log what’s happening across the network to help determine where key risks lie is also useful.

In terms of people, it is all about education. The user’s actions may no longer be the only way that ransomware can attack but they should still be made aware of the dangers with a clear message: “Think before you click on anything!”

Ransomware is definitely one of the prevalent security issues of the day and organisations of all types should be doing everything they can to protect from these growing and costly threats.