Over the past few years, it is no secret that Malware, Denial of Service Attacks and Zero Day Exploits have been among the most popular ways hackers launch cyber-attacks. Also, as cyber threats is becoming a more growing concern, so does the type of attacks that are available today. According to the author of “Cybersecurity: Two-thirds of CIOs say threats increasing, cite growth of Ransomware,” Alison DeNisco, Ransomware is rapidly multiplying and more than 718,500 users were hit with encryption Ransomware over a one-year period (2015 – 2016). The writer continues to add that this is an increase of 550% compared to the same period in 2014-2015 according to Kaspersky Lab.
As stated in the title, two-thirds of CIOs now believe threats increasing, cite growth of Ransomware. This is true because Ransomware is developed as one of the quickest ways for hackers to get money. For example, LA Times’ Richard Winton reported on February 18 this year that, “Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to a hacker who seized control of the hospital’s computer systems and would give back access only when the money was paid, the hospital’s chief executive said Wednesday.”
Ransomware is an issue that the FBI and the U.S. Homeland Security need to address rapidly before it becomes more popular. For example, they can invite malware researchers to work with organizations to legally get paid if they can prove that known vulnerabilities exist or can be exploited.
Below are the two articles:
http://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html
Good articles Mauchel. Ransomeware is one of the top and emerging risks at our organization as well.
I recently read the article below from Krebs on Security. Not only is the frequency of ransomeware increasing, but the financial demands of the attackers are also increasing. This article also supports the position that ransomeware attacks are shifting from “opportunistic” campaigns (using general exploit kits) to more targeted campaigns (e.g. spear phishing).
It does amaze me how some companies simply pay these ransoms because they do not have the appropriate controls in place to mitigate the risk of ransomeware. For example, in the Krebs article, one company quickly made payments of $600 in bitcoin because “the data on one of the infected systems was worth millions — possibly tens of millions — of dollars, but for whatever reason the company didn’t have backups of it.”
No backups….what?!? This is security 101!
Here’s a link to the related article:
http://krebsonsecurity.com/2016/09/ransomware-getting-more-targeted-expensive/
Thanks Jason. I find this hard to believe too the fact that most companies facing Ransomware rush to make payments. This shows how unprepared even certain big organizations are or how poorly they are managing their IT risks. Hopefully this is a wake-up call to all companies to better prepare for these types of attacks. It’s time re revisit, update or improve some Enterprise IT Architecture policies.
Mauchel,
Great article! Ransomeware has definitely been more relevant over the last few years, especially with untraceable payment methods such as bitcoin. It makes it possible for hackers to encrypt a company’s data and essentially get paid to give up the decryption key. Most companies will pay the ransom just to restore operations as quickly as possible. Although some companies may have complete back-ups, the time to get back up and running will cost more than the ransom being asked for. In the case of the Hollywood Hospital, they paid almost $17,000 to have their systems up and running again. This hackers could essentially exploit the same security flaws and hold them for ransom daily.
All I can really say about ransomware is that no one who is “doing it right” should ever have to pay. If you take a few basin steps you shouldn’t have a problem.
1. Keep your patching up to date
2. Don’t let your users login as an admin or superuser
3. Backup to another system, preferably one with a different operating system.
Wade