Ransomware is the fastest growing, and one of the most troubling, IT criminal enterprises attacking networks today. In fact, business models for growing and spreading ransomware are actively being marketed with some sellers making more than $100,000 per year. Ransomware as a Service (RaaS) is a new, sophisticated and efficient model that reduces barriers to entry and start-up costs for criminals who want to gain access to this lucrative market.
A report from the Institute for Critical Infrastructure Technology (ICIT) notes that poor endpoint security is one of the key factors in the growth of ransomware attacks. As this new criminal phenomenon gains steam, the headlines and articles will work their way from IT magazines to mainstream media in the way that the WannaCry attack hit the headlines back in the summer, leaving organisations open to very high profile media scrutiny. Therefore it is critical to develop security practices to protect both your network and your business reputation from these malicious attacks.
Here are three myths that you should reject as you plan your defence:
1. You Have Nothing Worth Stealing
This may, in fact, be a true statement for many individuals and small businesses. However, the objective of most ransomware attacks is not to steal your data. The objective is to collect a ransom (fee) in return for decrypting your data and returning your computer or network back to normal operation. Therefore, it does not matter if your data has no value to anyone on an open market. If it has value to you, it can be a target. Something as simple as your iPhoto files of family events can be a valuable target if its loss means more to you than the cost of paying the ransom demand. A very important protection from this type of attack is to back up your important files on a regular basis. Also, be sure to back up to a drive that is not connected to your computer or network otherwise it is still at risk.
2. Perimeter Security Is Not Critical
The ICIT report mentioned above also states that, “Of the lines of network defence available to an organisation, endpoint security is uniquely capable of stemming the growing ransomware menace.” It is also important to note, however, that endpoint security is one of many potential protections that should be employed. The Next Generation Firewalls with integrated Intrusion Prevention and Data Loss Prevention appliances are a few examples of current perimeter protection devices to be deployed. The TAPs that are used to connect these devices look like a wire to the network and provide fail-safe protection, keeping the network alive in the event of power loss to the appliances. While it is best to use a multi-stage security approach including anti-malware software, the endpoints are the foundation.
3. It Might Be Cheaper Just To Pay Up
Some reports on this subject show that only a very small percentage of ransomware victims actually pay up. Despite this, it is estimated that businesses have lost up to $1 billion a year to ransom payments so it is a growing and lucrative business. However, sometimes money is not the ultimate target of an attack. While the victim is chasing the ransomware, the attacker is actually perpetrating another attack elsewhere in the network, stealing important confidential information.
The Ransomware Economy report by Carbon Black reveals that from 2016 to 2017 the ransomware market grew by 2,502% from $249,287.05 to $6,237,248.90. The marketplace for ransomware on the dark web has exploded thanks to software for hacking being made available “off the shelf” to potential new cyber criminals to use as soon as they are ready. As ransomware templates spread into criminal enterprises, these attacks will become more common. It is not just traditional computer networks that are affected either as ransomware has begun to affect IoT devices such as thermostats, vehicle control networks, industrial control equipment and medical devices. These are arguably more distressing to deal with as you cannot back up data like you would with your computer, giving you little choice other than to pay-up.
For now, the best defence is to layer up the security starting with a foundation of strong perimeter protection and adding malware protection software, email security, and sound access policies for users. Train users so everyone who touches your network will be aware, vigilant and sceptical of unknown messages.