A few short years ago, no one had even heard of ransomware. InfoSec was busy with other things and hostage-taking mostly occurred in troubled foreign locales and Denzel Washington movies.
Today, ransomware is not only commonplace, it’s on the rise, with hackers constantly employing new strategies to make a buck. All kinds of organizations now find themselves struggling to understand this unsettling new threat and how to break its hold on their data.
An easy, low-risk way for criminals to exploit almost any network intrusion, ransomware is a type of malware attack that prevents organizations from accessing their own data or computer system until they pay a ransom to obtain a decryption key.
Ransomware first emerged in 2009, with federal investigators noting that most attacks today are launched by Eastern European cybergangs. In Q1 of 2016, attacks increased tenfold over all of 2015, costing victims more than $200 million. In reality, the numbers are likely higher since most attacks go unreported.
In addition to paying a stiff ransom, victims may incur hefty IT costs and possible fines as well as costly business downtime and damage to their brand. Worse yet, many victims never recover their data even if they pay up.
No Victims Left Behind
Ransomware goes after a democratic array of business, government and nonprofit organizations. In addition to private entities, it also targets the public sector, including school systems, small cities, and – perversely – local police departments, which have been attacked in at least seven states since 2013. Furthermore, no computing platform is safe: ransomware now strikes Linux, Mac and Android systems as well as Windows PCs.
While part of the natural evolution of cybercrime, ransomware has capitalized heavily on the business use of unsecured mobile and Internet of Things (IoT) devices.
Hackers Build a Better Mousetrap
Ransomware attacks have become increasingly sophisticated. Malware can now identify a victim’s country - and therefore language - enabling hackers to make phony messages and demands more persuasive. Social engineering methods further enable attackers to cherry-pick targets for spearphishing emails. In addition, some ransomware stays dormant after spreading through networks, making it harder to identify the original source.
Unlike early ransomware, today's variants can be fully automated and dispersed by the thousands, with malware also customized to different servers, operating systems, and devices. After accessing a system, malware is often programmed to delay data encryption, allowing it to remain in the system even when IT uses a restore point.
Computing Practices Roll Out the Red Carpet
Despite its increasing sophistication, ransomware typically employs simple methods to snare its victims. It is primarily installed via “drive-by downloads” that take place when a victim clicks on a compromised website or ad. Ransomware may also be disguised in a phony link or email attachment. “Pay per install” is another popular method where hackers pay a fee to install ransomware on computers that are already infected with other malware. Systems with outdated or misconfigured software can also be easily compromised to spread ransomware.
A Two-Pronged Battle Plan
To combat ransomware, organizations have two primary strategies at their disposal:
End-user awareness and smart browsing practices can help protect against ransomware, along with regular updates to security, anti-virus and anti-malware software, including operating systems. Organizations should also replace antiquated IT infrastructures.
While useful, these fixes have limitations and organizations would be reckless to rely on them exclusively. With ransomware attacks ever-more difficult to detect, prevention strategies are always playing catchup, as new kinds of exposure continuously emerge.
2. Data Backup:
To definitively reduce the impact of ransomware, comprehensive data backup is really the best approach. By automating time-indexed snapshot backups of data across servers, laptops, and cloud apps, organizations can quickly restore data back to any point in time prior to the attack. Ready access to backed up data takes the bite out of ransomware while providing organizations with improved information governance and off-site storage.
File-level restore - as opposed to Bare Metal Restore (BMR), which reformats a computer from scratch – is important to combat ransomware that remains in systems after IT has used a restore point. Some security specialists also recommend deploying backups of operating systems instead of reverting to restore points.
Ransomware is definitely worrisome and can exact a heavy toll on organizations whether they pay up or not. However, armed with up-to-date information, smart computing practices and effective data backup, InfoSec can successfully kick ransomware to the curb. What are you waiting for?
This article first appeared on Druva.com.