All organisations must take the threat of ransomware seriously and put plans in place to stop, or at least mitigate, the damage it can do as criminals cash in on this lucrative form of cyber crime.
This was the stark warning delivered by Mimecast’s director of product marketing Dan Sloshberg, while speaking at the Computing's Enterprise Security and Risk Management Summit on Thursday.
He began by noting just how popular ransomware has become among all nefarious actors operating online.
“There are all sorts of people carrying out ransomware attacks now, from hacktivists to nations states and organised crime gangs. It’s popular because it requires very few skills to use.”
“The return on investment on ransomware is massive, which is why we are seeing these attacks so often,” he added.
Sloshberg explained that because it is so easy to use ransomware there are now numerous crime kits that can be used to manage how the malware is used, including tracking who you’ve targeted and infected, to helping to manage the extortion process.
Indeed, he noted that latest FBI estimates say ransomware is now a $1bn industry, and this only covers the amounts being paid to the crooks, not the post-event remediation costs that firms have to bear, so is likely even higher in reality.
Even more worryingly, Sloshberg noted that many ransomware tools are now evolving to focus on the server side, rather than just individual client machines, because the potential rewards are so much higher.
“If you get into the wider infrastructure you can have a much bigger impact and the chance of someone paying the ransomware is a lot greater."
Compounding all this is the fact that it is very easy for crooks to target organisations with ransomware within emails either as malicious attachments, or with links to sites hosting the malware, making it easier to find a victim.
He noted, for example that it is very easy for crooks to find information that gives their emails the appearance of being legitimate, such as using public filings to discover who a firm’s auditors are, so that an attachment designed to look like an invoice, for example, appears legitimate.
“We see that attackers are willing to do research before launching an attack and that quite often they after specific people in an organisation who they know may be susceptible to clicking on that link.”
To tackle this threat Sloshberg said firms should consider using whitelisting to ensure only approved sites or services can run on their networks so staff cannot reach dodgy sites laden with malware.
As well as this he also said network segmentation tools can help mitigate the risk if ransomware does make it into the business.
“This means if something does get through it does not have a clear run at your entire network but is contained in one area.”
He also said firms should consider how they would react if they were hit with ransomware by having the necessary business continuity plans in place.
“You need to think about how key business critical apps could be accessed if you were hit by ransomware,” Sloshberg said, suggesting that having data backed up in the cloud is one way that this can be circumvented.
The warnings from Sloshberg chime with Computing research revealed at the event, that found ransomware is often the biggest threat that is only discovered after it has made an impact, underlining how successful it can be in breaching defences.
AlphaBay users had flocked to Hansa after it was closed down - not realising it had already been taken over by Dutch police
Microsoft closes in on $100bn annual revenues with sales weighing-in at $23.3bn
Moves to take down cyber-squatted domains reveals Fancy Bear hacking network, claims Microsoft
Intel claims 'world first' in artificial intelligence that can be plugged-in almost anywhere