How a small business should deal with a ransomware attack

There are a few measures your small business can put in place to protect against a ransomware attack on your data. Here, we look at what you can do.

Ransomware, or a ransomware attack, describes an ingenious but annoying criminal attack on the one thing that matters most to your business: your data. The attackers can take many different routes to compromising your machine or network, but the end result is the same: your valuable data will be strongly encrypted, and the attackers will hold the key. In return for restoring your data, a ransom will be payable, often in Bitcoin or a similar digital currency.

There are, of course, no guarantees that the criminals will then return (decrypt) your data, and often the file they provide to do so will contain more malware, as they are keen to wring as much money out of each attack as possible.

Ransomware itself is one of the security buzzwords of the last few years, although the concept has been around since well before 2013, when one of the best-publicised variants, Cryptolocker, was discovered. Cryptolocker was just one of many strains of ransomware, and has been supplanted by newer, more honed ransomware-as-a-service (RaaS) tools such as ‘Shark’, whose creators distribute the code for free, but take a 20 per cent cut of any successful ransoms collected.

Security firm Symantec claims that global losses due to ransomware attacks are ‘now likely running to hundreds of millions of dollars’, with the average ransom demanded by attackers reaching US$679 in 2016, up from $294 at the end of 2015.

Between January 2015 and April 2016, the US was the region most affected by ransomware attacks, with 28 per cent of global infections. Canada, Australia, India, Japan, Italy, the UK, Germany, the Netherlands, and Malaysia round out the top ten. Around 43 per cent of ransomware victims were employees in organisations, according to research done by the anti-virus giant. A separate study of IT service providers finds that 91 per cent of respondents reported having their clients victimised by ransomware in the past 12 months, and that downtime as a result of ransomware attacks often cost businesses more than $8,500 per hour, according to backup provider Datto.

What can your business do to defend against this threat?

The first and most obvious step to take is to educate your staff about basic online security practices, in this case not clicking suspect links in email. It’s thought that most ransomware infections are transmitted by email, often disguised as shipping delivery notices. Not being infected is certainly the easiest and most cost-effective way to avoid compromise.

However, ransomware attackers are increasingly using ‘drive-by-download’ attacks to infect users, which are harder to defend against. Keeping malware scanners up to date and ensuring that browsers, operating systems and other software have the latest versions installed will help too, although this in no way guarantees safety.

Of course, preventing access in the first place remains the best method of avoiding a ransomware attack, although the number of attack vectors can seem daunting. Insecure web applications are a major cause of compromise, and the problem is often aggravated by weak web server configuration and badly implemented protocols, including the essential safeguard of SSL/TLS encryption. High-risk vulnerabilities such as SQL injection (SQL is a computer language used to view or change data) are now being used for ransomware attacks five times more frequently than in 2015, and more than 60 per cent of web services designed for mobile applications contain at least one high-risk vulnerability allowing database compromise. If you are hosting a WordPress site, update all the plugins, as outdated plugins can present a major security risk.

Continuous monitoring services can help to identify weaknesses in a website that can be exploited by hackers. These monitoring services will identify vulnerabilities and recommend fixes. Additionally, there are plenty of free tools available that can be used to proactively test key areas, such as your servers and your SSL/TLS encryption.

A final best-practice strategy that will defend against ransomware attacks is to ensure that a robust backup policy is in place across the organisation. Creating regular serialised backups and storing them securely means you’ll be able to ‘roll back’ to an unencrypted version of your data, saving the majority of it. Backups also mean you’ll be safe from less Machiavellian but potentially just as business-threatening issues, like a local hardware failure or loss. Bear in mind that ransomware is able to encrypt files on mapped network drives, so disconnecting the backup drive while it is not in use is essential.
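The roll-back described above, sketched as an added example (not from the original article): each backup run writes a new dated snapshot with a SHA-256 manifest, and a restore uses the newest snapshot that still verifies. The function names, directory layout and sample file are assumptions made for the illustration.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path
def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def manifest(snap):
    """Hash manifest of a snapshot, or None if it is missing or unreadable."""
    try:
        return json.loads((Path(snap) / "manifest.json").read_text())
    except (OSError, ValueError):
        return None

def snapshot(source, backup_root, label):
    """Copy `source` into a new snapshot directory and record file hashes."""
    data = Path(backup_root) / label / "data"
    shutil.copytree(source, data)            # raises if the label already exists
    hashes = {p.relative_to(data).as_posix(): sha256(p) for p in data.rglob("*") if p.is_file()}
    (data.parent / "manifest.json").write_text(json.dumps(hashes, indent=2))
    return data.parent

def mismatches(root, hashes):
    """Manifest entries that are missing under `root` or whose content differs."""
    return [rel for rel, digest in hashes.items()
            if not (Path(root) / rel).is_file() or sha256(Path(root) / rel) != digest]

def changed_fraction(source, snap):
    """Share of a snapshot's files that now differ in the live data."""
    hashes = manifest(snap) or {}
    return len(mismatches(source, hashes)) / max(len(hashes), 1)

def roll_back(backup_root, target):
    """Restore the newest snapshot that still verifies; return its directory."""
    for snap in sorted(Path(backup_root).iterdir(), reverse=True):
        if (hashes := manifest(snap)) and not mismatches(snap / "data", hashes):
            shutil.copytree(snap / "data", target, dirs_exist_ok=True)
            return snap
    raise RuntimeError("no intact snapshot found")

def demo():
    """Constructed scenario: live data and the newest snapshot get scrambled."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backups = Path(tmp, "live"), Path(tmp, "backups")
        live.mkdir()
        (live / "invoices.csv").write_text("id,amount\n1,100\n")
        old = snapshot(live, backups, "2024-01-01")
        new = snapshot(live, backups, "2024-01-08")
        for f in (live / "invoices.csv", new / "data" / "invoices.csv"):
            f.write_bytes(bytes(b ^ 0xFF for b in f.read_bytes()))  # stand-in for encryption
        frac = changed_fraction(live, old)
        return frac, roll_back(backups, live).name, (live / "invoices.csv").read_text()
```

A `changed_fraction` close to 1.0 just before a scheduled run is a reason to stop and investigate rather than take another snapshot. The manifest only detects scrambled backups after the fact, so the backup drive still needs to be disconnected between runs.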
