The incidence of ransomware attacks increased 36 percent in 2017, and global damage is expected to exceed $11.5 billion by 2019. Projections for the same year show attacks could be as frequent as one every 40 seconds. Now more than ever, business owners need to know how to recognize ransomware, build strong defenses and prevent potentially devastating losses.
Victims of the attack wound up paying over $76,000 to recover data, but the overall effects were much more far-reaching and devastating
What is Ransomware?
Ransomware is a type of malware used by hackers to block access to data by locking authorized users out of a network or system. The most common type, known as “crypto malware,” demands victims pay a ransom to restore access or risk data being destroyed. Doxware, also called leakware, threatens to distribute sensitive information if the ransom isn’t paid.
This type of malicious software is usually delivered via a Trojan horse, a file or program appearing to be legitimate but containing infectious code executed upon installation. Although these programs are most often distributed through email as part of phishing scams, they can also be downloaded from fake versions of trusted websites.
There’s no guarantee hackers will turn over decryption keys for locked data once money is received.
Even though ransom costs associated with these attacks appear low, only about $1,077 on average, the biggest impacts come in the form of:
- Damage to or destruction of critical data
- Loss of time and productivity
- The cost of investigating the origins of attacks
- Data restoration and system cleanup
- Remittance paid to affected customers or users
As a result of these consequences of ransomware, businesses lost an estimated $8,500 per hour during 2016 and 2017.
The Biggest Known Ransomware Attack – So Far
These numbers pale in comparison to the estimated $4 billion in damages caused by the massive WannaCry ransomware attack of 2017. The global attack spread through more than 400,000 computers in 150 countries and infected over 70,000 medical devices operated by National Health Service (NHS) hospitals in England and Scotland.
WannaCry was distributed via a cryptoworm, a type of malware designed to spread on its own after initially infecting a device or system. This particular program made use of an exploit in Microsoft’s Windows operating system known as EternalBlue to spread from device to device. Although Microsoft had released patches for this problem 59 days prior to the attack, not all users had installed the update.
Users falling victim to WannaCry received a demand for $300 in ransom to be paid within three days, doubling to $600 on days four to six. By the end of seven days, hackers warned, locked data would be permanently deleted. Victims of the attack wound up paying over $76,000 to recover data, but the overall effects were much more far-reaching and devastating. When the attach hit the NHS, essential medical procedures were compromised and patients’ lives were put at risk.
Microsoft helped slow the spread of the infection by releasing emergency patches, and the attack was finally stopped when a kill switch was discovered.
The Future of Ransomware
By the time the WannaCry attack was launched, hackers had already begun updating their tactics. Ransomware, like all forms of software, is in an ongoing state of change, and both business owners and IT professionals need to be aware of new tactics requiring a fresh approach to data security.
In the future, hackers may use ransomware to:
- Directly attack servers or the infrastructure of whole systems
- Disable manufacturing equipment relying on artificial intelligence (AI) and machine learning
- Act as a distraction while other, more serious attacks are carried out
- Attack internet of things (IoT) and other “smart” devices in homes
- Disable devices and sensors used in smart cities
- Spread infections using new types of self-propagating worms or social engineering tactics designed to intimidate users and trick them into passing on malicious files
- Shut down or cripple transportation systems
The rise of ransomware-as-a-service is making it easier for people without detailed knowledge of code or experience with cybercrime to launch attacks. By providing cheap ransomware designed to be deployed from a central dashboard, ransomware-as-a-service acts operates using an affiliate model to bring in money for both attackers and the original authors of malicious programs.
Some hackers are taking another route entirely, abandoning ransomware in favor of cryptocurrency mining through a process known as cryptojacking, in which targeted devices are used to illegally obtain digital funds. These programs run in secret, so it’s not always easy to detect when a device has been infected.
Ransomware Defense – The Holistic Solution with Trend Micro and Acronis
Because ransomware attacks can be both subtle and devastating, companies need to take a holistic approach to protection. Software from TrendMicro and Acronis provides solutions to common challenges and can be incorporated into a robust security strategy.
With software for both enterprise-level organizations and small businesses, TrendMicro takes a multi-layered approach to:
- Block ransomware from infecting networks and systems
- Prevent malicious programs from reaching enterprise servers
- Safeguard email communications in a cloud-based gateway
Monitor user behaviors across endpoints
With Acronis, companies get active data protection for multiple file types, including documents, media and programs. The company’s Acronis Backup solution can be set to run backups as often as necessary without affecting system performance, and backup files are covered by the same level of protection as other data.
Hackers can’t interfere with a backup in progress, and Acronis Active Protection works to detect any potential malicious activity. If attacks are discovered, the program can deflect the intrusion and quickly restore damaged or lost files. Backup files are always available, and the recovery process is designed to minimize downtime in the event of a disaster.
Preventing Ransomware Attacks
Some statistics show the use of traditional ransomware may be declining. Users are getting wise to phishing scams, and many have ceased to pay the ransoms hackers demand. Putting strong protections in place to prevent ransomware from infecting and spreading through systems may help to further reduce the execution of these types of attacks.
To minimize the risk of suffering damages from ransomware, companies must:
- Educate employees about how to recognize and handle phishing scams
- Implement routine redundant backups following the “3-2-1” rule, storing files on two different types of media and in one remote location
- Performing regular updates to ensure all software patches are applied
- Hiring a robust team of IT security specialists, including cybersecurity professionals
- Install and utilize software designed to detect malicious activity and send immediate alerts
- Use strong passwords and change them regularly
- Implement a detailed policy addressing the use of employee-owned devices on internal networks
- Put strong firewalls and antivirus protections in place, like TrendMicro solutions, coupled with Acronis Backup 12.5 for restoration and disaster recovery
Some business owners choose to meet with competitors to discuss common threats and share defense strategies. Collaborating in this way allows companies to alert each other to potential attacks, strengthen security protection and prevent the spread of massive malware infections like WannaCry.
Should an attack occur, experts advise victims not to pay the ransom. There’s no guarantee hackers will turn over decryption keys for locked data once money is received, and sometimes more money is demanded after an initial payment is made. If proper security measures are in place, it shouldn’t be a hassle to recover lost or stolen data.
Identifying ransomware and knowing what protections to implement puts businesses one step ahead of hackers. The more robust the defenses, the lower the risk of a successful attack.