Our threat landscape continues to expand, and cyber criminals have discovered that encrypting data and then demanding a ransom fee can be a highly lucrative business. While many companies recognize the serious threat posed by ransomware, many still conduct business without a multi-layered security solution in place to ward off malicious attacks.
Here are a few facts about ransomware that you may not have known:
Ransomware Bribe Equal to One Car Payment
Ransomware is malware that encrypts files and deletes the originals, making the files inaccessible unless a ransom is paid. While the cost to decrypt a drive attacked by ransomware may vary, the average cost is around $500. And according to Edmunds, the average monthly car payment is $483. The comparison shows how much consumers are willing to pay to regain control of their devices.
Just Pay the Ransom
Ransomware creators have gotten so sophisticated over the years that even the FBI admits that if you’re unprepared, there’s not much that can be done once you are hit by ransomware. In fact, just last year, the FBI told consumers and businesses alike that if you want to access your data after a ransomware attack, just pay the blackmailers. Talk about giving in to the bad guys. Don’t be caught empty-handed and unprepared: you’re a prime target for these criminals and could be attacked at any moment!
Ransomware Cashing in More Than Security Firms Sell For
According to researchers at Bromium, the prevalence of malware nearly doubled in 2015 simply because the profits earned by criminals are too easy to pass up. One type of ransomware, Cryptowall 3.0, made over $325 million from US victims alone in 2015. Even more astonishing, iSight Partners was bought in January 2015 for only $200 million. It’s no surprise that these criminals continue to do the harm they’re doing when the profits exceed what major technology firms are selling for on the market.
Flash to Blame for Ransomware Success
Ransomware attacks are getting stealthier and attackers are becoming better organized, leveraging multiple forms of user manipulation. This malware can also be delivered by exploit kits on compromised web pages and malicious sites. Once a user visits a compromised web page serving exploit kit code, the code tries to identify potential vulnerabilities on the user’s system and serves exploits accordingly. Much of ransomware's growth can be directly correlated with the success of exploit kits like Angler, the top exploit kit on the market today. Cisco reports that 60% of Angler payouts are in response to ransomware. Much of Angler's success has been tied to its successful exploitation of Adobe Flash. In fact, eight out of ten vulnerabilities used by exploit kits in 2015 were Flash related.
Malvertising Fuels Ransomware
In 2015, malvertising gained popularity amongst cyber criminals as a common method for ransomware distribution, falling just behind phishing scams. This means of attack can strike at any time, and is often placed into click-baiting articles on popular websites. Essentially, a user clicks on a video, article, etc., and is suddenly confronted with a screen stating that all of their files, photos, and data have been encrypted and will be held until a ransom fee is paid.
The Cloud Won’t Save You From Attack
If you think storing your data in the cloud will save you from a ransomware attack, you’re sadly mistaken. In fact, it’s been found to be rather easy for ransomware to hit cloud drives mapped to local machines. The shared cloud drive can often make matters worse, since one phishing incident can lead to the unauthorized encryption of thousands of files used across your entire IT environment.
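The pattern described above, one compromised account writing encrypted copies and deleting the originals across a shared drive, leaves a recognisable trail in file-server audit events. The sketch below is an added example, not NNT's code; the event tuple format, window, threshold, file names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding window
THRESHOLD = 5         # assumed number of replaced files per user per window

def detect_mass_replacement(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {user: first_alert_time} for users who, within `window` seconds,
    write a new sibling file and delete its original `threshold` times."""
    written = defaultdict(dict)   # user -> {path: time written}
    hits = defaultdict(deque)     # user -> times of write-then-delete pairs
    alerts = {}
    for ts, user, op, path in sorted(events):
        if op == "write":
            written[user][path] = ts
        elif op == "delete":
            # Original removed shortly after "<original>.<ext>" was written
            replaced = any(p.startswith(path + ".") and ts - t <= window
                           for p, t in written[user].items())
            if not replaced:
                continue
            q = hits[user]
            q.append(ts)
            while q and ts - q[0] > window:   # drop pairs outside the window
                q.popleft()
            if len(q) >= threshold and user not in alerts:
                alerts[user] = ts
    return alerts

# Constructed sample audit events: (unix_time, user, operation, path)
SAMPLE_EVENTS = [
    (900, "alice", "write", "S:/hr/notes.txt"),
    (950, "alice", "delete", "S:/hr/old.tmp"),
    (960, "alice", "write", "S:/hr/plan.docx.bak"),   # ordinary editor save
    (961, "alice", "delete", "S:/hr/plan.docx"),
]
for i in range(8):   # one account replacing files in bulk on the mapped share
    SAMPLE_EVENTS.append((1000 + 2 * i, "bob", "write", f"S:/finance/doc{i}.xlsx.locked"))
    SAMPLE_EVENTS.append((1001 + 2 * i, "bob", "delete", f"S:/finance/doc{i}.xlsx"))

if __name__ == "__main__":
    print(detect_mass_replacement(SAMPLE_EVENTS))
```

A single write-then-delete, such as an editor saving a backup, stays below the threshold; only the sustained burst from one account raises an alert.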
Cloud service providers like Microsoft Azure and Google Cloud have already become victims of these attacks, as fraudsters register an immense number of free trial accounts and use the providers' compute infrastructure to conduct cyber-attacks. According to DataVisor, “Cloud allows cyber-attackers to significantly increase the number of attack campaigns they can conduct, attributed to the elasticity and compute capacity of these services, and allows them to easily hide behind legitimate network sources and thus remain anonymous.”
Cyber Extortion: The Latest Wave of Ransomware
While many ransomware attacks are strategically targeted, many are simply the product of opportunism, taking advantage of an organization's poor cyber security posture. Criminals are starting to focus on the psychology behind each attack while using fear as the ultimate driving force. The latest version of CryptoWall has upped the ante by threatening not only to leave users without access to their data but also to publish the data publicly if they don’t pay the ransom fee. These attackers have one goal in mind: shaming their target, like the Ashley Madison breach in late 2015.
NNT's Recommendations & Mitigation Techniques
As cyber-attacks continue growing at an unprecedented rate, it’s time for all organizations dealing with sensitive data to really reflect on what can be done to ensure their digital doors are secure from hackers.
The phishing attack is one of the easiest ways a hacker can infiltrate your IT system, so user education, spam blockers, anti-virus tools, and other security applications can help prevent employees from falling victim to one.
With anti-virus tools only covering the bare surface, it’s important to implement a layered security approach to your IT estate. By working with NNT, your organization will be able to adopt a ‘layered and integrated approach’ to security that incorporates the right process, methodology and set of tools in order to guard your IT environment against today’s ever-evolving threat landscape.
With NNT's Change Tracker Gen7, your organization will come equipped with intelligent file integrity monitoring, compliance management, system hardening, threat intelligence & security configuration management all powered by Intelligent Closed-Loop Intelligent Change Control, all working to make your IT estate as secure and compliant as possible.
Read this article on Dark Reading