
1/24/2017 10:30 AM
Dan Larson
Commentary

4 Reasons Why You Should Take Ransomware Seriously

The threats keep getting more sophisticated and the stakes keep getting higher. Is your organization ready to meet the challenge?

According to a recent ransomware report from the Institute for Critical Infrastructure Technology (ICIT), 2016 saw a wave of ransomware attacks that were increasingly sophisticated and stealthy. The FBI forecast that the haul from ransomware would reach a billion dollars last year, and it seems as if no industry is safe from being targeted. As ICIT reports, even critical infrastructure entities such as healthcare organizations have become prime targets, with hospitals in the US and Germany paying ransoms rather than risk their patients’ lives.

Why is this alarming increase occurring? ICIT argues that it's due to the highly profitable nature of ransomware attacks coupled with inadequate enterprise defenses. Combined, these two factors are attracting a more advanced breed of cybercriminal who is motivated by the potential of a bigger payout, faster and more anonymous — and thus less risky — than the advanced persistent threat exploits often used to steal credit card numbers and other sensitive data.

Compounding these challenges is the fact that law enforcement agencies have not provided a unified response to the ransomware threat, in some cases advising victim organizations to pay the ransom to retrieve their data. At the same time, criminal hackers have developed ways to circumvent standard security measures such as sandboxing and intrusion prevention systems. 

If that's not enough to convince you, here are four more reasons to take ransomware seriously: 

  1. Ransomware continues to evolve. Whether your organization is the victim of a ransomware exploit that encrypts files or one that encrypts the master boot record and blocks access to an entire system, the standard solutions you have in place may not be enough to protect you. New variants of ransomware are continually being developed. They employ an array of techniques aimed at circumventing your security, including deleting Volume Shadow Copies, which removes the option of restoring from backup files, or avoiding detection by hiding in Microsoft macros or JavaScript files. The criminals who develop ransomware have become so sophisticated that many now offer ransomware as a service, widening the pool of potential victims.
  2. Standard security solutions may not protect you. Ransomware's ability to quickly change and mutate using polymorphic or fileless techniques has greatly increased the opportunities for ransomware to find its way into your organization. Conventional endpoint protection that relies on signature-based detection isn't up to the task of finding ransomware before it strikes. Adding solutions such as whitelisting, the ability to detect indicators of compromise, or machine learning can increase your protection, but in some cases will be unable to prevent an attack. And unlike malware infections that slowly exfiltrate your data, where post-infection detection may still minimize loss, in the case of ransomware prevention is often your only recourse. Once ransomware enters undetected, your data is immediately encrypted and inaccessible, or your systems are locked down.
  3. Compliance may be at stake. Most organizations retain sensitive data that is subject to regulatory legislation mandating its protection. When a breach happens and data is exposed, the victim organization must inform its customers and partners, and can incur substantial fines if regulations have been violated. Ransomware attacks may not result in protected data being stolen, but organizations are still responsible for alerting all their constituents if an attack occurs. This can cause significant damage to an organization's brand. As Dark Reading reports, the Federal Trade Commission (FTC) has come down hard on companies that fail to protect their customers' data. FTC Chairperson Edith Ramirez recently suggested that a company's failure to take action to prevent a ransomware attack could result in enforcement action — even if the company hasn't been the victim of an attack.
  4. Data recovery can be complex and costly. The cost and complexity of recovering files after a ransomware attack are why many companies, particularly smaller organizations, choose to pay the ransom. Even with a comprehensive backup system, in today's widely distributed organizations files can be located across hundreds of devices. Though the attack may begin on one laptop, the ransomware could reach other systems connected to that laptop, resulting in a costly drain on IT resources as they struggle to map and contain the damage. Even worse, if you're the victim of a new ransomware variant that's able to delete your backup files, recovery won't be an option.

The Best Defense Against Ransomware
To combat the escalating level of ransomware sophistication, organizations need a multifaceted approach with complementary prevention and detection methods. One important method is to focus on indicators of attack (IoAs), a form of behavior-based detection that looks at the underlying actions taken by the threat rather than trying to pattern-match a new file to a signature. IoA-based rules can block multiple variants and versions of ransomware families, including new ones not detectable by known signatures or features. Coupled with endpoint detection and response, machine learning, and proactive threat hunting by security experts, organizations can ensure that they have the prevention capabilities in place to alert teams of ransomware attempts before encryption can be initiated.
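As an added example that is not from the article and not CrowdStrike's own code, the following Python script contrasts the two detection styles discussed in item 2 above and in this section: a hash-based signature check, which misses a sample once a single byte changes, and a toy behavior-based IoA rule that ignores the binary entirely and instead flags a process that deletes shadow copies and then changes the extension of many files across several folders. The event names (`shadow_copy_delete`, `file_rename`), the thresholds, the file paths and the sample binaries are all assumptions constructed for the demo; real endpoint telemetry and rule tuning look different.

```python
"""Signature check versus a behavior-based indicator-of-attack rule.

Added example; the telemetry and binaries below are constructed, not captured.
"""
import hashlib
import ntpath
from collections import defaultdict

# --- Signature-based check (what conventional endpoint protection does) ---

# Constructed stand-ins for a known-bad binary and a trivially mutated copy.
ORIGINAL_SAMPLE = b"constructed-ransomware-sample-v1"
MUTATED_SAMPLE = ORIGINAL_SAMPLE + b"\x00"  # one changed byte yields a new hash
KNOWN_BAD_HASHES = {hashlib.sha256(ORIGINAL_SAMPLE).hexdigest()}


def signature_match(image_bytes: bytes) -> bool:
    """True only if this exact binary is already on the blocklist."""
    return hashlib.sha256(image_bytes).hexdigest() in KNOWN_BAD_HASHES


# --- Behavior-based check (a toy indicator-of-attack rule) ---

def detect_ioa(events, rename_threshold=20, min_dirs=2):
    """Scan (pid, kind, detail) telemetry in order and raise one alert per
    process that both deleted shadow copies and changed the extension of at
    least `rename_threshold` files spread over at least `min_dirs` folders.
    The binary's hash never enters the decision."""
    state = defaultdict(lambda: {"shadow_delete": False, "renames": 0, "dirs": set()})
    alerts, alerted = [], set()
    for pid, kind, detail in events:
        s = state[pid]
        if kind == "shadow_copy_delete":
            s["shadow_delete"] = True
        elif kind == "file_rename":
            src, dst = detail
            # Only extension changes count; renames that keep the extension are routine.
            if ntpath.splitext(src)[1].lower() != ntpath.splitext(dst)[1].lower():
                s["renames"] += 1
                s["dirs"].add(ntpath.dirname(src))
        if (pid not in alerted and s["shadow_delete"]
                and s["renames"] >= rename_threshold and len(s["dirs"]) >= min_dirs):
            alerted.add(pid)
            alerts.append({"pid": pid, "renames": s["renames"], "dirs": sorted(s["dirs"])})
    return alerts


def _renames(pid, folder, count, old_ext, new_ext):
    """Build `count` constructed rename events for one folder (Windows-style paths)."""
    return [(pid, "file_rename", (f"{folder}\\doc{i}{old_ext}", f"{folder}\\doc{i}{new_ext}"))
            for i in range(count)]


# Constructed telemetry. pid 4711 is an editor saving one file via a temporary
# name; pid 5000 behaves like the ransomware the article describes: it deletes
# shadow copies, then rewrites files across several folders.
SAMPLE_EVENTS = (
    [(4711, "file_rename", (r"C:\Users\alice\Documents\notes.tmp",
                            r"C:\Users\alice\Documents\notes.docx"))]
    + [(5000, "shadow_copy_delete", None)]
    + _renames(5000, r"C:\Users\alice\Documents", 10, ".docx", ".locked")
    + _renames(5000, r"C:\Users\alice\Pictures", 10, ".jpg", ".locked")
    + _renames(5000, r"C:\Shares\finance", 10, ".xlsx", ".locked")
)


def run_demo():
    """Return both verdicts side by side for the constructed data."""
    return {
        "signature_on_original": signature_match(ORIGINAL_SAMPLE),  # True
        "signature_on_mutated": signature_match(MUTATED_SAMPLE),    # False
        "ioa_alerts": detect_ioa(SAMPLE_EVENTS),                    # one alert, pid 5000
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The rule fires on the 20th extension change by pid 5000, before the third folder is touched, which is the point of behavior-based detection: the alert arrives while encryption is in progress rather than after a sample has been analyzed and a signature shipped. Requiring the shadow-copy deletion as well as the rename burst is what keeps archivers and backup jobs, which also rename many files, from triggering it; in practice each condition and threshold is tuned against the organization's own baseline.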

Dan Larson is Technical Director at CrowdStrike. He's a 10-year veteran of the information security industry with expertise in endpoint protection, encryption, embedded security, endpoint detection and response, as well as security management and advanced threat protection.