How Ransomware Rose to the Top of Cybercrime

Imagine this:

Your employees log in to their computers at the start of the day, ready to do business. They stop dead in their tracks, met by a message that reads, "Ooops, your files have been encrypted." The message goes on to demand a ransom be paid in bitcoin by a certain deadline. Once the ransom is delivered, your company will receive a decryption key. Your business has become the latest victim of ransomware.

Your business is far from alone. Ransomware attacks are increasing in number and sophistication. Kaspersky Lab's Ransomware in 2016-2017 report found that between April 2016 and March 2017, 11.4% more attacks occurred than during the same period in 2015-2016. These attacks affected 2.6 million users globally. Ransomware has quickly grown into one of cybercriminals' favorite tools.

To prevent the scenario described above from happening, your business should understand how ransomware operates and how to defend against it.

The Meteoric Rise of Ransomware

While ransomware has been around for more than 25 years, attacks have ramped up in just the past few years. Hackers have determined that using a cryptovirus to encrypt the victim's data is the best approach.

Cybercriminals are emboldened by the success of crypto ransomware attacks. They have moved from attacks on private accounts to targeted attacks on companies. Some of the favored targets are health care providers and financial institutions. Even law enforcement has fallen victim.

Why choose these targets?

These types of organizations are more likely to pay a ransom out of a sense of urgency. Decrypting the files can take days or even weeks-time a hospital, bank, or police station can't afford to waste. Last year, Hollywood Presbyterian Medical Center paid the equivalent of $17,000 in bitcoin to restore its patient files after being forced to use pen and paper to keep records after an attack.

Ransomware has been put within the reach of even amateur hackers with the development of ransomware as a service. For a fee, aspiring cybercriminals gain access to Petya malware without even knowing how to code.

2017: A Bad Year for Ransomware

In May and June of 2017, global attacks were staged using WannaCry and Petya ransomware. KrebsOnSecurity reported that 16 hospitals in the U.K. were paralyzed by WannaCry ransomware. The hackers exploited a vulnerability in a legacy Windows operating system that had not been patched.

According to the New York Daily News, approximately 100 countries were attacked in 45,000 separate incidents. The U.S. narrowly escaped when a British programmer stumbled on a kill switch, ending the attack.

And that's not all:

A global Petya ransomware attack followed soon after. The Guardian revealed that the hackers demanded the equivalent of $300 in bitcoin in exchange for a decryption key. Attacks occurred in Russia, Ukraine, France, Germany, Poland, the U.K., and the U.S., affecting 2,000 users. Kaspersky Labs warned that the algorithms used to encrypt the files would not allow them to be decrypted even if companies paid the ransom.

The Evolution of Ransomware Attack Vectors

Hackers are switching their tactics to stay ahead of companies' defenses. In the past, most ransomware infected company systems through spearphishing campaigns. Cybercriminals used social engineering to learn how to fool employees into opening fake emails with infected attachments.

Now hackers are becoming more aggressive. For instance, the SamSam virus attacks companies though their network routers. The hacker scans the remote desktop protocol (RDP) for a vulnerable port number. Once the port number is located, cracking software is used to find the password. Unlike previous ransomware versions, SamSam automatically deletes any backup files.

Taking the Bite out of Ransomware Attacks

In response to escalating ransomware attacks, the FBI has cautioned victims against paying the ransom. Instead, it recommends being proactive.

Employees must be educated on how to recognize and avoid opening phishing emails. Patching vulnerabilities prevents hackers from exploiting flaws in legacy software. To defend against the most aggressive forms of ransomware, companies must keep off-site backup files so they can restore operations without paying a ransom.

Working with the right partner helps your company strengthen its defenses against ransomware. InfoSystems offers a comprehensive portfolio of security solutions from leaders in the industry. We can conduct a thorough security assessment and design a security strategy to protect you from the most sophisticated attack vectors. We also partner with APSU for managed services, enabling you to access software for 24/7 security management.

Get detailed information about protecting your network. Read our white paper, How to Safely Secure and Store Your Data.