August 01, 2016//Ellen NeveuxLast Updated: November 18, 2020
The cyber criminal is an evolving menace. This is why it is critical for security experts to outline their tendencies and trends in order to predict and prevent future attacks.
It’s clear that financial gain is the major driver for most of these bad actors. While many tout social agendas, the reality is that three-quarters of all cyber-attacks are motivated by money.
There are a number of ways in which attackers wreak havoc on their victims, but the one that has marked the last year or so has definitely been ransomware. Worldwide, the victims have included hospitals, universities and even police departments.
In addition to these public services and large corporations that have traditionally been the preferred targets for cyber attackers, even SMEs are becoming more and more attractive with each week that passes.
In order to understand the danger ransomware poses for various organizations, it is important to understand what this term entails. In essence, it is a piece of software, or more precisely malware, which is covertly installed on a victim’s computer system and then used to perform certain actions.
These actions range from encrypting the files on the infected computer system and making them inaccessible without a key; to simply locking the system, once again making it unusable for the victim.
The trait that separates ransomware from other types of malware is the ransom part where the victim is blackmailed into paying a certain sum of money in order to regain control of their system once again. Their system is being held for ransom, hence the name.
Why the sudden popularity?
Ransomware is nothing new. In fact, it has been around since the 1980s. It is also not that different from the “more traditional” malware, which it actually uses as a way to infect a victim’s system. The reason why its popularity is exploding is actually much more mundane.
It all comes down to the payoff.
Namely, due to the emergence of bitcoin and other cryptocurrencies, attackers can now relatively safely accept payments anonymously. They can still be discovered when converting that into real money, but in the vast majority of cases, they can easily get their money without fearing capture.
This has, among other things, made it sensible for them to target smaller organizations or even individual users, asking for amounts of money that would have been too much risk for too little money otherwise.
Another reason why ransomware has become such a widespread threat is, quite ironically, the ability to turn it into an illegal variant of a small business. It has become perfectly easy to organize ransomware attacks and the various tiers of perpetrators into organizations that resemble small businesses, as outlined in this great article.
On top of all that, most organizations, be they commercial or public, exactly afford to ignore ransomware attacks or to handle them in particularly heavy-handed fashion.
2016 so far
We warned that ransomware would be one of the main cybersecurity threats in 2016 and we are genuinely sorry that we were right. So far this year, we have seen a number of high-profile attacks on various organizations, both commercial and non-profit.
In February this year, a number of hospitals in Germany were hit by ransomware attacks that caused these facilities to suspend their everyday operations and postpone serious surgical procedures that were supposed to be performed on patients.
Klinikum Arnsberg Hospital in Arnsberg was able to relatively easily deal with their ransomware infection since only one of their servers was infected and their IT team managed to stop the malware from spreading. Lukas Hospital in the city of Neuss was not so lucky, since more than a hundred servers and almost a thousand devices were potentially infected. Scanning and removing the threat has been a long and arduous process.
In April, NBC News came forward with a report on the boldest of ransomware attacks – Police departments in a number of American cities are being targeted. The attacks reportedly originated in Russia and Eastern Europe and the perpetrators asked for very small sums of money, usually limited to a few hundred dollars. This was one of the things that infuriated the police officials.
One of the reasons why attackers often target small police departments in less populated counties in different states in the U.S. is that such departments use computer systems that are decades old and that are in no way appropriately safeguarded against such attacks. Also, the attackers know that their efforts will go unreported for the most part since police authorities will usually be too ashamed to report the breaches.
In June, The University of Calgary decided to pay their ransomware attacker the sum of twenty thousand Canadian dollars in order to get the decryption key that would allow them to regain access to the data that was encrypted by the malicious software. More than a hundred of their computers were compromised and after paying up, the slow and complicated process of decryption began.
Protecting your organization
The good news is that minimizing the risks of someone using ransomware to incapacitate your organization can be straightforward and doesn’t have to be costly. The first step is ensuring that your anti-malware and anti-virus software is up-to-date and that firewalls are not deactivated for any reason. Your devices should also be equipped with pop-up blockers since ransomware is often disseminated that way.
Proper education is also extremely important. As we discussed previously, social engineering is on the rise. Employees need to be taught how to behave when receiving emails from unfamiliar sources, even if they look and sound official. The dangers of opening .zip and .exe files received via email should be especially emphasized.
Organizations should also have their system backed up regularly and frequently so as to minimize the damage done by ransomware attacks. Compartmentalizing different operations within the organization, especially those involving money transactions, is also a good idea.
Ransomware is becoming one of the most common types of cyber-crime and various organizations are at an ever-increasing risk of being affected. This year has truly been the year of ransomware and we can only hope that the second half is going to be somewhat less ransomware-heavy.
Catch up with us near the end of the year or the beginning of the next when we will cover the second half of 2016 in respect to ransomware.
Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.