The first and most important action is to educate users of the systems. Most ransomware, and cyber-attacks in general, rely on a user taking an unintended action; commonly, a user executes a seemingly normal but nefarious file. Because of this attack vector, users should be wary of unsolicited emails, especially ones with attachments and links. To take this one step further, users should know what types of files and operations commonly make changes to their systems. This will help them understand when changes are normal and when something out of the ordinary is attempting to make changes. For example, users of Windows machines might want to investigate exe, msi, bat, or ps1 files prior to executing them.
22 years ago, Irish actor Pierce Brosnan took his first turn as MI-6’s perennial agent James Bond. In that particularly great outing, everyone’s favorite international spy took out a satellite network known as GoldenEye, spearheaded by two satellites named Mischa and Petya. While the fictional GoldenEye satellites delivered an electro-magnetic field (EMF) of radiation that took out all electronics within a 30-mile radius, this week the world was hit with a real Petya: the “GoldenEye” strain of the ransomware that was at the root of last month’s massive WannaCry outbreak.
The technology world was rocked late last week with the arrival of the “WannaCry” malware payload. “WannaCry” is ransomware: it encrypts files with strong encryption, and then notifies the victim that they can “recover” their files for a payment using Bitcoin (which is an extremely difficult-to-track blockchain-based payment system). While the New York Times has reported that victims in nearly 100 countries have been affected so far by this fast-moving malware, the most significant impact so far has been identified within the U.K.’s National Health Services (NHS), which was forced to reallocate patients to unaffected facilities due to the “WannaCry” outbreak.
Late last year, Symantec Corporation released a survey on ransomware: malicious software that attempts to encrypt everything it can access, and demands money (usually in difficult-to-trace remuneration such as Bitcoin). One of the most disturbing trends of this report was that ransomware has grown from less than 20% of all new malware types in 2014, to over 90% of all newly discovered malware types today. Why is this? Well, put simply, because it works. When an organization’s critical business data is directly compromised – with the promise of possibly regaining access and restoring business as usual – the temptation to simply pay $500-$1,000 in Bitcoin or gift cards is strong. However, there’s always one nagging question in the background: what if the attacker doesn’t actually give us the key to decrypt the files?
Companies stand to lose a lot if they are hacked. They risk lawsuits, loss of brand equity, theft of intellectual property, and more. Among other dangers, there are three especially common cybersecurity threats that may bring this nightmare to life for any organization and can haunt those charged with protecting the company if they don't have the resources to do so. Those threats are ransomware, insiders, and vulnerability hacks, and here's what IT teams can do to defend against them.
As the second quarter of 2016 continues, it is increasingly clear that SMEs are faced with an urgent need to secure their IT systems. The year isn't even halfway through and already organizations have seen sophisticated cyber attacks that outstrip those faced in the past. Combating such threats means IT personnel must be sufficiently knowledgeable and qualified, but often companies do not have the resources necessary to hire enough in-house IT staff. Given this challenge, many firms are turning to managed security services to improve their cyber defenses.
Ransomware is out of control in 2016! Ransomware, as defined by Wikipedia, “is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the cybercriminal to remove the restriction. Some forms of ransomware systematically encrypt files on the system's hard drive, which become impossible to decrypt without paying the ransom for the encryption key, while some may simply lock the system and display messages intended to coax the user into paying.”
In light of the latest cybersecurity trends, such as the increased threat of ransomware and malvertising, small- to medium-sized businesses should investigate the best ways to protect their IT assets from cyber attacks. Strong security tools and practices such as regularly backing up data can make a big difference. An especially important solution to consider is network security monitoring, particularly from a managed security service.
With the advent of ever more sophisticated ransomware cyber attacks, you can’t be too careful these days. In the past, ransomware was largely spread by phishing attacks -- and employee education about not clicking external links or images was helpful in mitigating any potential problems. At the same time, the attack typically would encrypt just files, not whole systems. Now, ransomware attacks are locking down entire file systems, making machines (and even whole networks) completely unusable.