Jun 04, 2017
Today, we're looking at the growing problem posed by ransomware - and offering a few actionable steps your organisation can take to protect itself against this new threat.
What is Ransomware?
Ransomware attacks are a new phenomenon, even by the fast-paced standards of the digital security world. 'CryptoLocker', one of the first high-profile types of ransomware, appeared as recently as 2013; and new iterations have been surfacing on a regular basis ever since.
Most ransomware attacks follow a similar principle to CryptoLocker: gaining access to secure systems, using encryption to lock up hard drives and sensitive files, and demanding a ransom be paid for the hackers to 'release' the newly-encrypted data.
Why Ransomware is a Big Problem
As a relatively new attack vector, few organisations properly understand the characteristics of ransomware, or the threat it poses. They don't know how to identify potentially malicious software, and often end up furthering the spread of the ransomware by forwarding malicious attachments on to colleagues and clients.
It Uses Phishing
Ransomware relies on phishing: using unsolicited emails laden with malicious software to gain access to secure networks. It's this method of transmission that makes ransomware so problematic, with spear-phishing attacks used to reach specific people, and gain access to specific systems, in a highly targeted way.
Without educating your employees about the common characteristics of spear-phishing attacks, it's very difficult to avoid the threat posed by ransomware.
Most ransomware attacks are time-sensitive, with hackers threatening to permanently destroy data unless the ransom is paid within a certain period of time (often 24 hours).
This type of time sensitivity is a powerful tool for instilling fear and panic, and in many cases, leads to organisations giving in to the demands of the attackers. With every successful ransom, these types of attacks grow in popularity among hackers and criminal organisations.
It Generates Direct Revenue for Hackers
Most other types of malware use keyloggers and backdoors to collect card details, usernames and passwords - valuable information which can be resold or used by criminal organisations.
Ransomware takes a more direct approach to generating criminal revenue, using relatively simple attack methods to force its victims into paying the ransom, often in the form of untraceable bitcoins. Instead of targeting organisations in the hope of collecting valuable information, ransomware is designed to directly generate revenue - making it hugely appealing for hackers and criminal organisations alike.
How to Reduce the Risk of Ransomware
1) Back-Up Everything
Ransomware is most effective when hackers manage to encrypt data that isn't backed up to any other device. In these instances, organisations have little choice but to pay the ransom - and if they refuse, their valuable data is lost forever.
Thankfully, this situation can be avoided relatively easily. Sensitive information can be backed up on air-gapped hard drives, or secured within cloud storage solutions; or increasingly, both. If a hacker manages to encrypt a copy of your now-backed-up data, it's a problem - but it's not a disaster.
2) Educate, Educate, Educate
Though it's a relatively novel type of attack, most ransomware still relies on relatively simple security mistakes.
By rolling out a security awareness training program, and educating employees about the characteristics of phishing and spear-phishing attacks, much of the threat posed by ransomware can be reduced.