Today on our blog, we have a special guest post from Ben Chant who is on our market insights team at NTT Security. Includes updates on 19th May following the recent ransomware attack.
With the recent ransomware attack named WannaCry now believed to have spread across the globe and affected an unprecedented number of computers, businesses around the world will be reviewing how they are protecting themselves from experiencing similar attacks.
As the WannaCry attack exploited systems that had not been updated, a key point to note is something that continually trips organisations up – keeping patches up to date. With multiple browsers, applications and operating systems running in an enterprise, it can be difficult to keep on top of them all.
In addition, organisations must ensure their data is regularly backed up, not just online but on offline drives, so that attackers cannot hold this data to ransom. A final lesson, and a key part of evading ransomware, is security awareness. Because ransomware is often delivered via phishing, malvertising or fake anti-virus notifications, employees need to be trained to spot the common features of these delivery methods. This creates an effective ‘human firewall’.
These are some of the basics that organisations need to implement. However, due to the constant evolution of ransomware, IT security leaders must look to work with a security partner that is constantly monitoring the threat landscape and can apply a tailored and comprehensive strategy for thwarting advanced malware. This will enable organisations to be resilient to advanced cyber attacks and continuously reduce their risk footprint.
The concept of someone holding your data hostage is a nightmare all business leaders share. This is, however, a very real and ubiquitous threat, which involves the use of malware to prevent users from accessing their systems or to lock their files until a ransom is paid. From its early days of posing as relatively harmless PC clean-up and anti-virus applications, ransomware has become one of the most common cyber extortion methods. According to our 2017 Global Threat Intelligence Report (GTIR), incident engagements related to ransomware were the most common incidents.
When you look at ransomware’s evolution from the early 90s, the most noticeable behavioural change has been the shift in victims, from anyone with a PC to multi-national businesses in various industries. Our GTIR found that 77% of all detected ransomware globally was in four main sectors – business and professional services (28%), government (19%), healthcare (15%) and retail (15%). The sophistication of this threat now means even mobile devices are at risk of being used as vectors for ransomware attacks, creating another gateway into intellectual property and critical data.
Ransomware is rewarding
Attackers have become particularly interested in using ransomware due to its return on investment and its use of payment systems that are difficult to trace, including Bitcoins and wire services. Some businesses have even reached a point where they are maintaining stocks of Bitcoins to pay attackers. As a result, criminals are spending more time and effort creating new strains that are capable of evading traditional security controls and are more likely to convince a user to pay a ransom.
Unfortunately, paying the ransom does not guarantee the encrypted files will be released and can incentivise similar attacks to take place. This is particularly the case with the ransomware-as-a-service (RaaS) business model, where the ransomware creator sells their malware on the dark web to buyers, who can use it on their own targets without needing any prior expertise or coding experience. Any shared information on past victims who have paid the ransom will encourage these RaaS buyers to target them again. But financial risks are not the only cause for concern – a ransomware attack has the ability to cause significant downtime to a business, damaging productivity, reputation and, in the case of hospitals, patient safety.
Focus on using resilient architecture
The rate of ransomware and other advanced malware attacks continues to outstrip the investment in cybersecurity. This shows us that global businesses cannot spend their way out of cyber risk and, depending on their maturity, may need to make a fundamental change to their approach. By focusing investment on capabilities to predict, prevent, detect and respond, businesses can align people, process and technology to build resilient cyber defence architecture in line with business objectives and compliance.