Numbers are in from multiple sources, including Kapersky and Symantec - malware activity continued to grow in Q2 2017, and ransomware continues to be the most popular attack type among cyber-criminals.
Of course, this is hardly a surprise, given that Q2 saw two of the worst ransomware outbreaks yet recorded: WannaCry and NotPetya. Others, such as the current BadRabbit attack or CryptoWall and the recently-revived Locky, also continue to be seen in large numbers both domestically and around the world.
Ransomware can be a major disruptor for virtually any organization it touches, and due to the ways it can be spread, no organization is 100% safe. Preventative measures combined with an understanding of how ransomware affects your systems can help mitigate the dangers, but constant vigilance is a must.
Understanding the Dangers of Ransomware
"Ransomware" is a blanket designation for a range of cryptographic attacks. Their exact methods can vary slightly, but a typical attack looks like this:
- The target systems are infected by a payload, which is generally -but not always- delivered via a compromised email.
- The payload sets to work encrypting many or even all the files on the host machine, rendering them impossible to retrieve.
- A message is displayed, informing the user of the infection, and demanding a payment be made, usually via Bitcoin or other quasi-anonymous online currency.
- If the payment is made, the attacker will -usually- supply the cryptographic key required to unlock the files. If not, the files remain encrypted - possibly forever.
- Some ransomwares put further pressure by including a time limit, with the promise of total file destruction if the monetary demand is not met.
Much of the reason ransomware has become so popular among cyber-criminals is that, quite unfortunately, it works. The amounts asked for are generally in the hundreds or thousands of dollars, low enough that many infected organizations will take the path of least resistance and pay off the attackers. This may save their files, but it only emboldens more groups to embrace ransomware attacks - leading to their current prevalence.
Prevention is critical here. Most ransomware crypto has not been cracked. If you become infected, there is a high chance you will have to make some very unpleasant decisions.
Some key preventative measures include:
- Awareness and training. Keep reminding your staff to never open unrecognized emails at work, and avoid unsafe websites.
- Avoid mapping network drives, and keep them hidden if possible, to prevent a wildfire outbreak.
- Install plenty of ad-blockers and script scanners, both locally and on the network.
- Consider investing in newer network security systems which can detect and shut down unwanted cryptographic activity.
Plug the Most Serious Hole in Your System Defenses: The Human Element
Even the best-laid technical security solutions can be entirely undone by a single lapse in judgement. 95% of all security incidents involve an element of human error. Cyber Risk Aware helps create a human firewall, with security-focused testing and detailed attack simulations designed to teach workforces at all levels how to keep themselves, and their company, safe from cyber-attacks.
Contact Cyber Risk Aware today to learn more about how we go beyond the typical security solution to address the most critical risk factor of all.