Dark Reading is part of the Informa Tech Division of Informa PLC


11/21/2016
08:00 AM

Ransomware Surveys Fill In Scope, Scale of Extortion Epidemic

Half of all surveyed organizations have been hit with ransomware campaigns in the last year, many more than once

Some 50% of organizations have been hit with a ransomware infection in the last year, and of those, 85% have suffered from three or more attacks, according to a user survey conducted by security vendor SentinelOne.

As a result, 70% of respondents report an increase in IT security spending, and 65% have changed their security strategies to focus on mitigation. More than half — 52% — say they've lost faith in their antivirus protection.

"It's not surprising to see high levels of apathy towards traditional antivirus software, and we don't expect the ransomware epidemic to slow down anytime soon," says Jeremiah Grossman, chief of security strategy for SentinelOne, in a statement. "The situation is likely to get far worse, as some of the ill-gotten gains will be invested into research and development designed to improve encryption strength and utilize new delivery methods, as witnessed with Locky."

'Tis the season for vendors' ransomware surveys. PhishMe reports this week that developers of Locky ransomware have shown "creativity, agility, and adaptability" in their repeated improvements to the malware, frustrating the efforts of analysts, researchers and infosec professionals to prevent or mitigate attacks. And Cato Networks says that 73% of CIOs view defending against ransomware and other emerging threats as their top priority for 2017.

While few security pros would deny that ransomware is a growing problem, the trio of vendor reports begins to put the scope and scale of this malware epidemic into sharper contrast.

"Infosec professionals need to understand that ransomware leverages the current malware infrastructure, it's extremely easy to create, and it scales very well. It's also very lucrative for the bad guys," Grossman tells Dark Reading in a phone interview. Left unaddressed, the proliferation of ransomware threatens to mirror that of spam. "We have an opportunity now, but if we wait too long, ransomware's going to be everywhere," he adds.

Grossman also distinguishes between two kinds of ransomware attacks: indiscriminate and targeted. With indiscriminate campaigns, the bad guys know nothing about the content or value of the data they're encrypting. In a targeted attack, bad actors will go after a healthcare organization, for example, because the stakes are literally life and death and it's widely assumed that they'll pay. "A couple weeks ago, a company was targeted and four hospitals had to reschedule patient operations while they dealt with ransomware infection," Grossman explains.

SentinelOne surveyed 500 "cybersecurity decision makers" at organizations with more than 1,000 employees in October 2016, including 200 people in the US, and 100 each in the UK, France, and Germany.

What can organizations do to protect themselves against this kind of extortion? One obvious preventive measure is performing regular data backups, so if an organization's servers or desktops get hit with a ransomware attack, they'll have unencrypted copies in reserve that allow them to carry on with business as usual. "One thing ransomware has done is inadvertently exposed the lack of backup data" on the part of end-users, Grossman explains.

It really comes down to patching, especially since browsers are getting hit with drive-bys; another protection is to monitor inbound attachments on email and to disable macros. "Should malware get into the system and start to execute, there's technology available that detects bad apps at runtime," Grossman recommends.

SentinelOne's survey highlighted other issues for companies hit with ransomware:

  • Company data most often affected by ransomware campaigns was financial data (52%), employee information (46%) and customer information (37%);
  • 68% of respondents agreed that traditional security techniques can't protect organizations from the next generation of malware;
  • Most companies still assume responsibility for data breaches and ransomware attacks; only 42% say they would demand answers from their IT security vendors.


Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ...
 

Comments
BPID Security,
User Rank: Strategist
11/21/2016 | 10:10:36 AM
Ransomware defense strategy
The concept of ransomware is insidious, not just that it encrypts but that it can be forwarded via email to all your email recipients.

That being stipulated, it should be rather easy to have the OS, or any OS, monitor activities for encryption and notify users of questionably nefarious activities.

Online game makers have long ago created CPU process monitors to prevent realtime game 'cheating'.

The function is simple to understand, monitor for encryption code running in the CPU rather than the contents of an executable. Then stop it unless the user permits. Otherwise send it to AV for cleanup. Building it is a bit more complex as was the one my firm built for a client. Really the CPU resources and disk activity of full disk encryption is really easy to detect.

Ransomware exists because we make computers with an interface non-technical people can use. It wouldn't live very long in a command line OS. Holding users responsible for their failures just adds more stuff people will ignore. It is the responsibility of the service, software or vendor to protect the user.

As an analogy: If you rent a hotel room for a night, go to dinner and your door doesn't lock, and someone comes in and spray paints the room and your possessions, who is ultimately responsible for the loss? You as temporary renter of the service, or the security of the hotel?

We need legislation to clearly identify responsibility and the limits of that responsibility.

Still, it is a problem that technology created, one that is beyond the technical expertise of most users, and one that is solvable through intelligent technology.
T Sweeney,
User Rank: Moderator
11/21/2016 | 10:45:49 AM
Re: Ransomware defense strategy
Thanks for your post, BPID... we hear this same refrain with each new threat type that emerges: Vendors can fix this in software without involving the user. And yet here we are again!

I'd welcome better insight as to what happens on the vendor or developer side. Is ransomware prevention just one more thing in the OS security equivalent of whack-a-mole? Do vendors only see costs that they won't recoup?
ClaireEllison,
User Rank: Apprentice
11/21/2016 | 4:17:38 PM
Re: amazing
Excellent article plus its information and I positively bookmark to this site because here I always get an amazing knowledge as I expect.
ClaireEllison,
User Rank: Apprentice
11/21/2016 | 4:20:42 PM
Re: Iamazing
Excellent article plus its information 
Shantaram,
User Rank: Ninja
11/22/2016 | 5:21:28 AM
Re: 192.168.l.l
It is the right words, I fully agree with you
kasstri,
User Rank: Strategist
11/22/2016 | 7:50:27 AM
Re: keydown
Thanks for your post, BPID... we hear this same refrain with each new threat type that emerges: Vendors can fix this in software without involving the user. And yet here we are again!
Joe Stanganelli,
User Rank: Ninja
11/25/2016 | 5:30:41 PM
Re: Ransomware defense strategy
Good points.  This is why I preferred the days of MS-DOS.  After I was compelled to upgrade, my understanding of my computer and its processes severely diminished.
Dr.T,
User Rank: Ninja
11/27/2016 | 2:09:45 PM
Ransomware industry
Ransomware has become a new industry, we need more regulations and accountability on it to keep it at minimum damage.
Dr.T,
User Rank: Ninja
11/27/2016 | 2:12:31 PM
Re: Ransomware defense strategy
"The concept of ransomware is insidious, not just that it encrypts but that it can be forwarded via email to all your email recipients." It makes sense, at the end of the day went something not accessible by owner so they can get money of it.
Dr.T,
User Rank: Ninja
11/27/2016 | 2:18:54 PM
Re: Ransomware defense strategy
"Ransomware exists because we make computers with an interface non technical people can use" I agree, I also think preventing from ransomware is more non-technical than non-technical.