Are businesses prepared for ransomware threats?
Cyber criminals are becoming increasingly adept at exploiting weaknesses in IT systems and the number of threats that organisations face day to day seems to be continually on the rise.
One type of attack that is gaining prominence in the digital underworld is ransomware. This malware is able to hijack computers and criminals typically used it to prevent people from gaining access to important files and apps.
Individuals are forced to pay a ransom to regain access to their IT systems, with perpetrators often threatening to destroy crucial data if their demands aren’t met. In some cases, the ransom has a deadline to place additional pressure on organisations.
Earlier this year, the BBC reported there has been a 3,500 per cent increase in the use of infrastructure that facilitates ransomware campaigns. Experts have also identified 124 separate ‘families’ of ransomware, with traditional antivirus software sometimes unable to tackle the problem.
Why are ransomware threats increasing?
Ransomware has proven so successful – and at relatively little cost and effort – that it’s not just criminal gangs taking advantage; many people simply buy the software through the black market.
“It’s safe to say that certain groups are behind several ransomware programs, but not all,” security researcher Bart Parys told the BBC. “Especially now with Eda and HiddenTear copy-and-paste ransomware, there are many new, and often unexperienced, cybercriminals.”
According to Raj Samani, European technology head for Intel Security, his organisation has seen a rise of more than 25 per cent in ransomware samples.
He claimed that source code for these threats is freely available, which has opened up opportunities for amateur cyber criminals to cash in. Nevertheless, the return on investment can be significant, with individuals willing to pay hundreds of pounds to save their data, while businesses can shell out thousands.
How does ransomware infect a computer?
Like many viruses, ransomware gets on to a computer when the user downloads a malicious email attachment or visits a website that carries infected code.
Kaspersky Lab outlines two types of ransomware: locker and crypto. The former prevents users from accessing basic computer functions, which may include their keyboard and mouse, while the latter encrypts critical data and can risk total destruction of sensitive information when deadlines aren’t met.
Opinions vary on whether or not businesses should pay the ransom. FBI special agent Joseph Bonavolonta advised delegates at the 2015 Cyber Security Summit that they should capitulate to demands.
However, Kaspersky Lab claimed this may not be the best approach, as there’s little guarantee the criminals will return data even if they receive payment. Furthermore, successful ransomware attacks will only encourage the perpetrators to continue.
There may also be decryption keys posted online that could help victims regain control over their computers, so people are advised to check before paying the ransom.
Preventing ransomware attacks
As they say, prevention is often better than cure, which is why organisations should take steps to avoid the sting of ransomware attacks. Symantec has released several tips for businesses looking to tackle this growing cyber security problem.
Train staff: Employees must be vigilant against suspicious emails, links, web pages and attachments that could potentially harbour ransomware and other potentially dangerous IT infections. Businesses should therefore provide guidance and training on how to spot dubious activity.
Disconnect from the internet: Users should turn off their computer or at least log off from the internet if possible after receiving a ransomware note. This may prevent personal data from being transmitted to cyber criminals.
Enable pop-up blockers: Pop-ups are a popular medium for ransomware, and accidentally clicking on one could be enough to infect your computer. It is therefore best practice to use pop-up blocker programs to reduce the risk.
Alert authorities: Ransomware is a form of extortion, making it a serious criminal offence. Businesses should contact the police to report incidents or near-misses.
Invest in firewall and antivirus software: As mentioned, some ransomware may be able to get around antivirus software, but maintaining an up-to-date line of defence is still recommended.
Back up data: While backing up data won’t prevent organisations from falling victim to ransomware, it will mitigate the damage should your information be destroyed or lost.
Hire cyber security professionals: Employing skilled cyber security experts to prevent attacks on IT systems can dramatically improve a business’s chances of avoiding ransomware incidents.
In today’s rapidly evolving technology environment, organisations must strengthen their cyber security measures to ensure they don’t incur financial and reputational losses due to ransomware and other attacks.
Our 2016 Compensation and Market Trends Report combines our review of the prevailing conditions in the security & resilience recruitment market together with the results of our latest employer survey.
Image: 8vFanI via iStock