Ransomware hits the headlines – literally
We predicted a surge in ransomware attacks at the beginning of 2016, given the enormous rewards and minimal risks they offer cybercriminals. However, we didn’t think ransomware would be making headlines quite so literally.
This week several major news organisations – including the BBC, The New York Times and Newsweek – were duped into displaying adverts that sought to infect visitors with data-encrypting malware. Anyone who clicked on a malicious advert was taken to a webpage that attempted to download CryptoWall – a popular strain of ransomware that allows cybercriminals to hold a user’s machine hostage and extort cryptocurrency payments in exchange for an unlock code.
Only the beginning
This exploitation of some of the world’s most trusted brands and publications shows just how bold cybercriminals have become in unleashing ransomware attacks. However, we still haven’t seen ransomware’s popularity peak. With big money at stake, such attacks will continue to skyrocket in the coming years. In just one month, a ransomware campaign can generate $90,000 in revenue at a cost of less than $6,000 – netting operators around $1 million a year.
To date, the actors behind CryptoWall are estimated to have made a profit of more than $325 million. Cybercriminals have been quick to cash in on this opportunity. Fortinet caught 19 million infected emails in the first half of this month alone, while another security company reported 200,000 ransomware emails hitting its spam-spotting servers in just one hour. This surge in attacks has been partially driven by a newcomer to the ransomware landscape, Locky, which is now second only to CryptoWall in its popularity amongst cybercriminals.
After encrypting a machine’s data, Locky demands three bitcoins (around $1250) to release the information. With ransomware like Locky simultaneously becoming more sophisticated and easier to use, the attacks we’ve seen to date look certain to be just the beginning.
Dominic White, CTO at SensePost – one of the world’s leading security consultancies and part of the SecureData Group – had this to say about the current spike in ransomware attacks: “If you value an asset, someone else can always exploit that value. Even organisations that don’t rely on sensitive or proprietary information are at risk here. It’s no longer enough to think your data wouldn’t be lucrative in anyone else’s hands – if it’s valuable to you, that’s all that matters”.
Dominic continued, “Ransomware attacks can be extremely dangerous, but they’re also preventable with the right precautions. That’s why it’s more critical than ever to understand evolving threats in the wild and their relevance to your business, IT estate and industry”. SecureData’s Threat Advisory Service does just that. Our expert analysts monitor evolving risks to spot the one threat in ten thousand that poses a real danger, providing clear and straightforward advice on how to protect individual organisations and eliminate critical vulnerabilities before they have an impact.
Escaping the hostage crisis
Ultimately, today’s ransomware pandemic will only diminish when it ceases to be profitable for cybercriminals. Yet, the uncomfortable reality is that businesses still frequently resort to paying a ransom to restore their data. This is particularly true for SMBs, which often lack the sophisticated disaster recovery and data back-up solutions used by large enterprises. For small organisations, their data is their business: a ransomware attack can cripple day-to-day operations, send customers elsewhere and devastate both revenues and reputations. Of course, cybercriminals know this too.
With SMBs firmly in the sights of hackers, organisations need to act now to protect themselves. The most important steps include backing up critical data regularly, educating employees on the risk of phishing emails and ensuring business software is kept up to date. SMBs should also consider removing applications that are commonly exploited to deliver ransomware attacks, such as Flash, Java and Silverlight. Some may wish to go even further and install ad-blocking software in light of recent events.
Call in the experts
Of course, implementing a robust multi-pronged defence against ransomware attacks can be challenging for small in-house security teams short on time and money. Managed security services offer the perfect solution, allowing organisations to take advantage of the best security skills, processes and technologies at minimal expense. Managed services now account for 35% of security spending worldwide and the reason is stronger security – pure and simple. A recent study by IDC, commissioned by SecureData, revealed that UK companies most often turn to third-party providers to improve visibility, monitoring and control (35%), fine-tune threat detection (21%), or enhance vulnerability management (15%). With ransomware bound to make headlines again soon, no business can afford to wait. Whether you’re taking steps in-house or bringing in outside expertise, the time to act is now.