The Ever-Growing Ransomware Scourge

SEMA News—October 2017  

INTERNET

By Joe Dysart

The Ever-Growing Ransomware Scourge

Six Tactics to Protect Your Computer

  internet
SuperComputers such as IBM’s Watson are being trained to leverage artificial intelligence in the fight against ransomware and similar malwares.
   

While ransomware has long been epidemic, the latest figures are positively chilling, with 61% of businesses surveyed last year saying they had been hit by ransomware, according to a study by CyberEdge Group (www.cyber-edge.com/cdr).

Those who have been devastated know too well how it unfolds: You wake up one morning to find a message on your PC screen announcing that your computer has been hacked and that your files have been encrypted. If you want those files back, the message informs you, you’ll need to pay the hacker for the privilege. Sometimes it’s $500; sometimes it’s $5,000; sometimes it’s more.

Sometimes businesses pay the ransom, and they get their files back. Other times, businesses pay the ransom, the hacker laughs, and the files are never seen again.

“The findings of CyberEdge’s latest Cyberthreat Defense Report are consistent with what we’re seeing in the industry,” said Mike Rothman, president of Securosis (www.securosis.com). “There are more attacks, more sophisticated malware, and more complexity ahead relative to skyrocketing cloud usage.”

This difficulty is compounded by a global security skills shortage and the ongoing inability of most employees to not click on links that compromise their devices.

Probably most sobering was the breadth of the organizations surveyed. All told, CyberEdge researchers surveyed 1,100 security decision makers representing 19 industries in 15 countries. Each company responding employed at least 500 employees.

CyberEdge is not the only research firm documenting a major spike in ransomware victims. Information Security Media Group and Trend Micro came out with their own study (www.databreachtoday.com/whitepapers/2016-ransomware-response-study-w-2983), finding that 53% of U.S. firms surveyed reported that they were hit with ransomware. And 19% of the organizations said that they are repeatedly hit with ransomware attacks more than 50 times each month.

“Ransomware became one of the highest-profile challenges facing cybersecurity professionals in 2016,” said Tom Field, vice president of editorial at Information Security Media Group. “Based on our research, we feel that nothing indicates a slowing down of this problem. In fact, we may have only scratched the surface. With
organizations reporting that their own employees are their greatest threat exposure, I expect a drastic increase in training, awareness and vigilance across all organizations in 2017.”

Not surprisingly, the greatest consequence of ransomware was significant business disruption, according to ISMG. Fifty nine percent of victims said their businesses had been disrupted by the attacks. And 28% said their business reputation had been damaged.

The two studies were echoed by yet another study released by SonicWall (www.sonicwall.com/en-us/lp/2017-sonicwall-annual-threat-report), which found that 638 million businesses were hit by ransomware in 2016—up from 3.8 million attacks in 2015.

“Cybersecurity is not a battle of attrition,” said Bill Conner, CEO of SonicWall. “It’s an arms race, and both sides are proving exceptionally capable and innovative.”

A key factor behind the spike was the proliferation of “ransomware as a service,” according to Conner. The term refers to ransomware-to-go software packages, which are easy to buy on the web. They make it simple for criminals with even extremely limited technical knowledge to become hackers overnight.

Also contributing to ransomware’s rise has been the growing reliance on the internet of Things—or all those “dumb” devices businesses have connected to the internet, such as surveillance cameras, phone systems, security systems, smart terminals and smart vehicles. It turns out that the computer software on all those devices is by and large unsecured. In a phrase, it’s simply begging hackers to stop by and wreak havoc.

What’s a business to do? With a majority of organizations already victimized, it’s imperative to marshal your cyber defenses right now. The following items are best practices recommended by IT security experts:

Enlist Employees in the Fight: With multiple studies reporting that a majority of businesses were hit in 2016, ensuring that your employees are your first line of defense against ransomware is mission critical. Indeed, a majority of respondents in the ISMB study—60%—saw susceptibility of employees as the primary entryway hackers use to break into business computer systems.

New employees need to be given a crash course on common ploys hackers use to infiltrate company systems via the ransomware links they send in emails or seemingly innocent requests for IDs and passwords they make over the phone. And current employees need to be regularly monitored by firms such as Knowbe4.com (www.knowbe4.com), which will test your staff with common ruses regularly and send you a report on which employees are falling for hacker tricks.

Create a System Image of Your PCs That Features No Data: While its all the rage these days to create continuously updated system images of PCs—complete with all data on those PCs—it’s better to create a separate system image featuring no data, too. If you create a PC system image featuring no data—before you ever link that PC to the internet—you’ll know that particular system image is free of ransomware, malware and other viruses.

Once that PC is connected to the internet and you begin generating data on the machine, there’s always a chance ransomware has been downloaded onto it and is simply lying in wait for a time to strike. If that strike happens, you’ll be able to reformat the PC with the “applications only” system image you created prior to the ransomware infection.

Backup, Backup and Backup: Now more than ever, IT security experts are strongly recommending—in some cases beseeching—clients to create three data backups. The idea is to have your data continuously backed up to a data storage unit on premises, and then have a second copy of that backup which goes to the cloud.

The third backup, often referred to as “cold storage,” should be made daily to a storage device that is never connected to the internet. In practice, that means disconnecting your PC or network from the internet once a day, backing up all newly generated data to the cold storage device, disconnecting that updated storage device from you computer system, and then reconnecting your computer system to the internet.

Yes, such backup work is tedious, but so is waking up to see a message on your screen announcing: “Your files have been encrypted. Pay us $5,000 for the privilege of getting them back.”

Use Military-Grade Wiping Software If You’ve Been Hit: If you’re ever hit by ransomware or some other virus, you can use military-grade wiping software from firms such as WipeDrive Small Business (www.whitecanyon.com) to wipe your hard drive clean of the malware. It’s the same kind of software used by the U.S. Department of Defense to restore infected hard drives. And it gives you advanced options, including network wiping, remote wiping and advanced reporting.

Consider Taking a Hammer to Your Hard Drive If You’ve Been Hit: Given that ransomware is a never-ending battle, hackers know what tools businesses are using to thwart their software, and they’re working diligently to neutralize those tools. So if you’ve been hit by ransomware and you know it only impacts one PC, it may be easier to simply remove that PC’s hard drive, take a hammer to it, and replace it with a brand-new hard drive.

That move is much safer than trying to remove ransomware from a hard drive, which could take hours for your IT person to accomplish. Even then, the IT person will never know for sure if the ransomware has been completely removed from the PC, and simply replacing the hard drive may be much less expensive than trying to root out the ransomware on your old one. A 1TB hard drive goes for $50 these days and takes no more than an hour to install by an experienced IT person.

Look to Artificial Intelligence for Help: SuperComputers such as IBM’s Watson are being trained to leverage artificial intelligence in the fight against ransomware. “Combining the unique abilities of man and machine intelligence will be critical to the next stage in the fight against advanced cybercrime,” said Denis Kennelly, a vice president of development and technology at IBM.

For more prevention/mitigation tactics, check out the SEMA News article, “We’ve Been Hacked” (www.sema.org/sema-news/2016/12/weve-been-hacked). 

Joe Dysart is an internet speaker and business consultant based in Manhattan.
646-233-4089
joe@joedysart.com
www.joedysart.com

Rate this article: 
No votes yet