Ransomware has been the primary online threat for the past couple of years, and it is expected to remain so in 2017. A June 2016 survey by Osterman Research revealed that almost one out of every two participants indicated their organization had been through at least one ransomware infection. Moreover, CNN reported that $209 million was paid to ransomware criminals in the first quarter of 2016.
TrendMicro’s predictions reveal that 2017 will see a 25-percent growth in the number of new ransomware families. TrendMicro also predicts that ransomware operations will become fuller, deeper, and wider, reaching out to mobile and smart devices. In other words, the ransomware revolution will steadily continue and will even reach new heights. What aspects of the ransomware chain are expected to improve?
Ransomware 2017: More Victims, More Profit
As explained by Brandon Gunter, IT consulting senior manager at Moss Adams, “dated systems that contain vulnerabilities that the industry did not consider when the systems were developed control a great deal of critical infrastructure”. Vulnerabilities combined with the harshness of ransomware encrypting critical data will continue to be very attractive to cybercriminals.
Furthermore, ransomware operators are constantly seeking ways to infect larger numbers of users, and will continue to expand their range of victims. Take, for example, the ransomware that hit the Municipal Transport Agency of San Francisco’s subway. As we wrote, the ransomware managed to impact other related systems, such as administrative computers, payment systems, SQL database computers, terminals and kiosks. The malware had most likely been coded by someone with experience, because it had a worm-like capability to spread across different types of devices. Even Macs were affected, raising the number of infected devices to roughly 8,500.
Another factor contributing to the success of ransomware is the urgency needed to restore access to data and systems. In most cases, organizations are not prepared to address the outcome of ransomware attacks in a timely and efficient manner. Not to mention that, depending on the victimized organization, the consequences can be really damaging. If an organization does not have an urgent security response plan, it has no other choice but to pay the ransom.
As illustrated by Kevin Hyde (managing director at Layer8) for NetworkWorld, a ransomware attack on a police network or 911 dispatch center will make those civil functions inoperable, and this could result in many criminals getting away with preventable crimes.
Ransomware’s Impact on Critical Infrastructure
The list of organizations affected by ransomware is quite lengthy: financial institutions, large retailers, water treatment plants, government agencies, the Department of Defense, law enforcement, power grids. Critical infrastructure is at risk, as well as large amounts of valuable or sensitive data, experts warn.
Larger organizations are becoming more appealing to cybercriminals, and are often victimized. Ransomware operators have made millions from critical infrastructure, especially since industries are connecting vulnerable control systems to the Internet, making attacks easier than ever. There is pressure to manage systems more efficiently, and the industry is left with little choice but to rely on IoT.
Things are getting so out of hand that cybercriminals have had difficulty finding buyers of data obtained from data breaches! Criminals are often going back to the victimized organization to sell back their stolen or encrypted data, according to Justin Fier from Darktrace.
How to Counter Ransomware, the Enterprise Version
Organizations should implement several steps to mitigate ransomware. One crucial step is the adoption of mature endpoint security measures. Multilayered endpoint security will protect web browsing, outbound traffic, and various system settings. It will also stop phishing attacks, and will keep an eye on individual endpoints to get in the way of malware and ransomware, as suggested by Moffitt.
In addition, the organization should guarantee that the recovery plan and backup tools are separate from the data and systems that could be targeted by ransomware. Automated on-site and cloud-based backup tools will give the business choices even in case of a ransomware attack.