2017, Year of the Business Ransomware?


A few thoughts and musings on the direction of Ransomware in 2017, based on what I have read, learnt, tested, etc.

  1. Ransomware will continue to evolve over 2017, but it's reported that it will plateau. The threats are growing more complex in nature, but the delivery methods remain, in the main, email and web activity by business users.
  2. The primary source of infection, at the moment, is your users, through Web and Email. It's important to continually educate users on safe browsing and, where appropriate, implement controls to mitigate attack vectors such as email delivery. Listen out for red flags from users, such as complaints that their systems are running slow.
  3. It's expected that Ransomware will make a shift towards the mobile platform in 2017. The mobile estate is huge, billions of devices, giving the Threat Actors a large base to attack and hold to ransom. This can particularly affect Businesses with poor or no BYOD or MDM platforms for management and control. For Businesses that have a large reliance on their mobile estate, Ransomware could prove a significant risk.
  4. With the advent of GDPR, there could be a rise in naming and shaming of organisations that have been compromised by Malware or Ransomware. One example is the compromise of the San Francisco Public Transportation system: although MUNI didn’t pay the ransom, everyone knew about it.
  5. More Businesses will be targeted in the coming year. Hackers will switch tactics and focus efforts on businesses. Once inside a Business, Ransomware can seek out higher-value targets such as file stores, databases and eventually SharePoint.
  6. Ransomware will be increasingly hard to detect. It's already designed to be silent, run as a background task and generally start and work under the radar.
  7. We have been reading reports of a shift in design of Ransomware, so that it can effectively operate offline, standalone. This has benefits for the criminals in that it does not require a command and control connection and can infect standalone machines not connected to the Internet.

According to a recent survey reported by Tripwire, only 34 percent of IT professionals claim that they are “confident” that their companies could recover from a ransomware attack. This is concerning for a number of reasons: chief among which are the facts that ransomware is an increasingly common form of theft, and ransomware is increasingly being used to target organisations rather than individuals.

Why have cyber criminals begun to target organisations in their ransomware attacks? This trend is really the result of a risk vs. benefit analysis: organisations are often willing and able to make much larger ransom payments, and they are often only slightly more prepared to defend against an attack than individual users.

According to estimates, as few as 3% of organisations actually end up paying ransomware fees when they are attacked. However, virtually all organisations suffer in some way or another when they are faced with a ransomware infection: this could mean paying an IT expert to disarm the attack, permanently losing valuable data, or, of course, paying the ransom.

Despite its recent rise to prominence, surveys also show that ransomware is not the number one cyber security concern for most businesses: that title belongs to phishing attacks. As has been pointed out by a number of experts, phishing attacks are, in many (but not all) cases, the weakness that is subsequently exploited in order to initiate a ransomware attack. However, malicious adware and compromised websites are other common ports of entry for ransomware software.

In order to protect your organisation from the potential threat of ransomware, a multifaceted security approach that encompasses both prevention and response is a necessity.

Is your organisation prepared for a ransomware attack? Do you have measures in place to minimise the threat? Do you know how you would respond if you were attacked? If you answered no to any of these questions, visit Network & Security online today to learn more about what you can do to stay safe.

