OK. This is the 2,364th article in the past month alone regarding ransomware. Have you had enough? Apparently not, since many still are not getting the message about how devastating a ransomware attack can be to a business, the public sector or a private citizen. It won’t go away, and you can continue to ignore it or put it off, but it is “a thing,” and you might as well begin to take action.
What Is a Ransomware Attack?
So let’s break it down: first the definition, then what it can do, examples of the damage it has done so far, and some tips on preparations, strategies, methods and tactics you can implement today, so that you don’t get “taken” tomorrow.
In a previously penned blog post, I explained that:
“Ransomware is a type of malware that infects a computer and takes control of either the core operating system using lockout mechanisms or possession of data files by encrypting them. The program then asks the user to make a “ransom” payment to the malicious individual or organization in order to remove the locks and restore the user’s endpoint or files.”
Others have defined it as:
“… a form of malicious software (or malware) that, once it's taken over your computer, threatens you with harm, usually by denying you access to your data. The attacker demands a ransom from the victim, promising — not always truthfully — to restore access to the data upon payment.
Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cyber-criminals in Bitcoin.”
“…ransomware mimics the age old crime of kidnapping: someone takes something you value, and in order to try to get it back, you have to pay up. For it to work, computers need to be infected with a virus, which is usually accomplished by tricking someone into clicking on a link.”
The Cost of Ransomware
In 2017, the National Law Review stated that:
“the average ransom demand was more than $1,000 — greater than three times the average in 2015. What’s more, one in five businesses that paid ransom never got its data back.”
How is it that we are all either ignoring the threat or rolling over and paying the ransom? In a recent article, Stuart Reed, a cybersecurity strategy leader, states that:
…our new Risk:Value Report shows there is still a lot of work to do. It crystallizes in one shocking statistic: one third of global decision makers believe their organization would rather pay a hacker’s ransom than invest in information security.
Reed goes on to point out that, in the recent Global Threat Intelligence Report (GTIR), ransomware attacks “surged by a massive 350% in 2017.”
Some of the better-known and shockingly costly global ransomware attacks include:
- WannaCry – Cost = $8 Billion.
- BadRabbit – Cost = $?? Billions – it’s so large and ongoing, the costs are still being determined.
- NOTPETYA – Cost = $1.2 Billion.
- SAMSAM – Cost = $850 Million and climbing.
As a recent article in the New York Times put it, in relation to the SAMSAM ransomware attack on the City of Atlanta:
Anyone hit with a ransomware attack must reckon with the dollars and cents: will it cost more to pay up, or to try to eradicate the malware and restore the data without giving in? But government victims must also grapple with the dubious propriety — and dubious legality — of rewarding crime with taxpayers’ money.
Public-sector municipalities seem to be the new target du jour, according to a recent piece in the Wall Street Journal, which also lists the US public-sector city networks that have been hit recently and the ransom amounts paid or refused. (Yes, you can refuse to pay the ransom, and the FBI recommends this practice.)
“Public-sector attacks appear to be rising faster than those in the private sector, according to the Ponemon Institute, a Traverse City, Mich., research company focused on information security. Ponemon estimates 38 percent of the public entities it samples will suffer a ransomware attack this year, based on reports through May, up from 31 percent last year and 13 percent in 2016. The company samples roughly 300 to 400 public-sector entities each year.
‘We’re right at the front end of this,’ said Marshall Davies, executive director of the Alexandria, Va.-based Public Risk Management Association. Hackers are ‘just now coming after the public entities. They’ve been hitting the businesses for years,’ he said.”
Prepare for WHEN Ransomware Happens
Notice that the headline did not use the word “If.” Continue to ignore the threat of ransomware and it will bite you. Having a backup and disaster recovery solution in place will help you recover from a ransomware infection. According to Channelnomics,
“With a reliable backup and recovery solution implemented, 96 percent of MSPs report clients fully recover from ransomware attacks.”
Here are some other points about preparedness to consider:
- Insurance - make sure your company is insured against ransomware, not through a traditional policy but through a “cyber liability” policy. (The link is merely an example, not an endorsement.)
- Security Audits – internal and external.
- Incident Response Plan - prepare an Incident Response Plan (IRP) as soon as possible, either drafted by your CISO or through a company and legal committee – collectively known as the Incident Response Team (IRT).
- Incident Response Team – as indicated, a committee of members formed to make decisions and delegate tasks, with full contact details as well as back-up personnel.
- Identity and Mobile Device/User Management – usually done through the Security Audit above but worth mentioning again, with a shameless plug for GlobalSign’s own Mobile and Authentication Access Control solutions.
- Data Backup & Recovery - having a backup and disaster recovery solution in place to help recover from a ransomware infection. With a reliable backup and recovery solution implemented, 96 percent of MSPs report clients fully recover from ransomware attacks.
- Detection and Monitoring - continuous monitoring of assets and deployment of technologies to contain threats.
- Training - organizations must be vigilant in training employees about current threats and how to guard against them.
Our friends at SentinelOne, in their own whitepaper, offer these five steps to take as soon as you think — or know — you might be infected and held for ransom:
While taking these steps may not protect you 100 percent, they’ll go a long way toward preventing, protecting against and mitigating any ransomware threat in the foreseeable future. Good luck out there, and stay vigilant!
Other resources and information available on this topic:
- How To Protect Your Start-Up From Ransomware.
- Another Week – Another Ransomware Attack – Time to Kill the “Bad Rabbit”.
- 5 Cybersecurity Challenges and Trends: What to Expect in 2018.
- The WannaCry Ransomware Sweeping the World: More Than 200,000 Computers Are Affected So Far.
- How Top Industries Are Preparing For Evolving Cybersecurity Threats.