This post was co-authored by Nicole Baumgartner and Natasha Barnes.
Ransomware attacks have become recurring news headlines and show no signs of decline. Attackers continue to earn profits and increase the complexity of their attacks. Between April 2014 and June 2015, the Federal Bureau of Investigation (FBI) reported more than $18 million in losses from ransomware attacks. Victims include individuals, businesses, and public agencies. According to Kaspersky Labs, corporate users experienced an increase of more than 6% in attacks from 2014 to 2016; however, home users still encounter the majority of these attacks. It’s imperative to understand and implement security measures before your environment becomes the next hostage.
Ransomware is a form of malicious software, or malware, that blocks access to your computer and/or files until a ransom has been paid. This attack can render a computer, a network, or certain segments or files within it inaccessible to authorized users. There are multiple deployment methods for ransomware. Some of the most common include clicking on a malicious link, downloading deceptive attachments that contain executable files, and visiting insecure websites.
There are several ransomware families; two of the most common versions are Locker Ransomware and Crypto Ransomware. Locker Ransomware disables access to computer files but typically leaves them unaltered. As it can be possible to remove this type of ransomware with anti-virus software, hackers began utilizing encryption to incentivize timely payment. Crypto Ransomware searches through files, encrypts those of interest, and requires ransom payment before providing the decryption key.
In case studies where Crypto Ransomware has been deployed to a school system (Horry County School District), hospital (Hollywood Presbyterian Medical Center), and police department (Tewksbury, Massachusetts), these entities ultimately paid the ransom due to the high costs and operational setbacks associated with losing the encrypted data. According to the FBI, ransomware fees range from $200 to $10,000. The Hollywood Presbyterian Hospital paid $17,000, Horry County paid $10,000, and the Tewksbury Police Department paid $500. Payment is usually required in Bitcoin, which is a completely digital and encrypted currency. Companies are beginning to stockpile bitcoins in the event of a ransomware attack, as many entities did not have this currency at the time of attacks.
While ransom payments could be relatively nominal, there’s no guarantee that files will be decrypted and access restored. However, in the cases mentioned above and many other situations, the attackers upheld their end of the deal. Any time a payment is made, it may help that particular victim but it also offers an incentive for future attacks. Whether the ransom is paid or not, these attacks can result in a variety of adverse impacts including financial loss, temporary/permanent data loss, disruption to operations/service delivery, and reputational damage.
The best defense against ransomware is implementing preventive measures. Keep a close watch on ransomware capabilities, as it is a constantly evolving threat. The most important safeguard is to back up data frequently and consistently. Organizations should also have a disaster recovery plan and business continuity plan in place. These plans should be tested annually to determine their effectiveness and efficiency. Antivirus software and operating systems should be kept current. Practicing these cyber hygiene activities supports a defense-in-depth approach, which is vital to safeguarding against the persistent threat of ransomware attacks.