Cyber security news has been filled in the last few weeks with articles about ransomware attacks. Indicators show that attacks are increasing, with threats to businesses of all sizes.
Some trends that have been identified include:
- Attackers commonly use a shotgun approach, although some criminals customize their ransomware code for specific industries. Volume, rather than a finite set of targets or companies, is a common strategy. One ransomware variant attacked 90,000 computers daily.
- Ransom demands are frequently under $1,000. It is speculated that this tactic is used in an attempt to get more businesses to pay the ransom. The logic is that if the ransom can be seen as a “nuisance” expense, it will be more readily paid than if a higher amount were demanded.
- Only a few victims need to pay each day to make this a profitable venture. Assuming hundreds of attempts are made a day, if only four businesses pay in a day for decryption at $300 each, that is a return of $1,200 per day. Over a year, that is a significant profit.
- Crypto ransomware focuses on encrypting specific data and files; Locker ransomware locks components or the entire system.
- Ransomware code is constantly being tweaked so there are numerous variants. Anti-malware/anti-ransomware can’t always keep up with the latest versions.
- Reputable websites are sometimes the culprit for spreading the malware. Advertisements with ransomware embedded have been identified on popular sites in recent weeks.
- Ransomware can also target Apple’s software. While Apple systems are still not targeted as frequently, they can be attacked.
- Ransomware encryption may employ different keys for each file, not just one key per computer system. This greatly increases the difficulty in decrypting files.
What Businesses Can Do
Businesses should follow, at a minimum, basic cyber security measures, including frequent backups. Additionally, businesses should consider white lists for internet website access and ad blocker software to reduce the chance of malware from infected locations.
Businesses should also discuss with their cyber security specialist how they will recover when an attack occurs, so the business interruption is limited.
To learn more about securing your small business or nonprofit, check out the resources at the National Cybersecurity Institute.