By: Ben Rossen
What is ransomware?
Ransomware is a form of malicious
software that infiltrates computer systems or networks and uses tools like
encryption to deny access or hold data “hostage” until the victim pays a
ransom, frequently demanding payment in Bitcoin. In the typical case, the criminals
demand between $500 and $1,000, but some have demanded as much as $30,000.
Panelists described a wide variety of ransomware variants.
For instance, some
hackers will delete the victim’s files if payment isn’t made within a specified
period of time, and many newer variants use highly advanced methods of
encryption. Ransomware can be incredibly profitable to criminals, many of whom
now have the resources to hire professional developers to build increasingly
sophisticated malware.
Ransomware incidents have skyrocketed in
the past year, and several high-profile attacks on health care organizations
highlight the challenges that ransomware poses. In February, an attack on a
hospital in Southern California knocked out its network for more than a week,
leaving staff without access to email and some patient data. The hospital
ultimately paid a $17,000 ransom to restore access. Another attack crippled the
networks of ten Washington, DC area hospitals for nearly two weeks. But
ransomware isn’t just a health care problem. It affects businesses across the
economy. Panelists agreed that incidents of ransomware will continue to
increase across the board – and nobody is immune.
The risks associated with ransomware
If your business holds consumers’
sensitive information, you should be concerned about the threat of
ransomware. It can impose serious economic costs on businesses because it
can disrupt operations or even shut down a business entirely. In addition, a
business’ failure to secure its networks from ransomware can cause significant
harm to the consumers (and employees) whose personal data is hacked. And in
some cases, a business’ inability to maintain its day-to-day operations during
a ransomware attack could deny people critical access to services like health care
in the event of an emergency. Thus, a company’s failure to update its systems
and patch vulnerabilities known to be exploited by ransomware could violate
Section 5 of the FTC Act. This principle is illustrated in several recent
FTC actions that highlight the importance of defending against malware, such as
cases against Asus and Wyndham.
How is ransomware delivered?
Criminals deliver ransomware in a
variety of ways. According to one panelist, 91% of all ransomware arrives
through email phishing campaigns. These typically require the user to take some
kind of action such as clicking on a link or downloading a malicious
attachment. Other campaigns use drive-by downloads, where a user visits a
malicious website or a site that has been compromised, and the act of loading
the site causes the ransomware to automatically download onto the user’s
computer.
Other delivery methods are even more
sinister. Several panelists described the rise of “malvertising” campaigns,
where malicious code is hidden in an online ad that infects the user’s computer.
These attacks are particularly nefarious because they can occur even on trusted
websites through third-party ad networks that redirect the user to an infected
server. More recently, attackers have exploited server-side vulnerabilities to
deliver ransomware payloads by searching for networks that had failed to patch
known vulnerabilities.
How to defend against ransomware
So what can you do to defend against the
threat of ransomware? Panelists urged businesses to invest in prevention and
recommended:
· Training and education. Implement education and awareness programs to train employees to exercise caution online and avoid phishing attacks.
· Cyber hygiene. Practice good security by implementing basic cyber hygiene principles:
  o Assess the computers and devices connected to networks to proactively identify the scope of potential exposure to malware.
  o Identify technical measures that can mitigate risk, including endpoint security products, email authentication, intrusion prevention software, and web browser protection.
  o Implement procedures to keep security current. Update and patch third-party software to eliminate known vulnerabilities.
· Backups. Back up your data early and often.
  o Identify business-critical data in advance and establish regular and routine backups.
  o Keep backups disconnected from your network so that you can rely on them in the event of an attack.
· Plan. Prepare for an attack. Develop and test incident response and business continuity plans.
How to respond if you’re a victim
If ransomware strikes, panelists urged
organizations to consider these steps:
· Implement your continuity plan. To be ready if an attack occurs, have a tested incident response and business continuity plan in place. Well-prepared organizations with reliable backups may be able to restore systems from those backups with minimal data loss or business interruption.
· Contact law enforcement. Panelists recommended immediately contacting law enforcement, such as a local FBI field office, if you discover an attack.
· Contain the attack. Keep ransomware from spreading to networked drives by quickly disconnecting any infected computer from the network.
What should organizations do if there
are no backups available? Does it ever make sense to pay the ransom? Most panelists,
including law enforcement, don’t condone paying the ransom. If you pay, that
doesn’t guarantee your encrypted data will be returned. In some cases the
attackers simply increase their demands once a victim expresses a willingness
to pay. Despite the serious risks to consider before paying a ransom, panelists
also recognized that businesses may need to evaluate all possible options in
the event of a crippling ransomware attack that limits the organization’s
ability to function.
The Fall Technology Series continued last month with a workshop on Drones and will conclude with a workshop on Smart TVs on December 7th. Looking for advice on addressing the ransomware risk? Watch this video.