Freedom from Ransomware

While ransomware is not new to today’s information security world, this type of malware is slowly making its way up the headlines. Last month the FBI Cleveland office reported a 33% rise in the number of ransomware complaints filed, to 2,400 in 2015. The reported loss was over $24 million, which in my opinion is highly understated, as most people impacted by ransomware are likely to pay small amounts to get their data back. And the worst part is that anyone can be a victim of ransomware: the target can be as big as a multinational or as small as a teenager’s social media account.

What do we know about ransomware?

Not much it seems, according to Kaspersky Lab. Released this month, a study by Opinion Matters, which surveyed some 6000 adults in North America, revealed that 43% of the respondents did not even know what ransomware was and 44% confessed that they did not know what data or information could be stolen in a ransomware attack. In addition, a similar percentage said that they wouldn’t know what steps to take in order to stop such an attack.

While such statistics are damning, I am sure that today’s generation is very protective of its information and wouldn’t want it falling into the wrong hands. Ransomware targets any computing device to prevent access to applications or data, either by encrypting the data or by blocking access. Regaining access would mean parting with some of your hard-earned currency. An older ransomware ploy was to claim falsely that you were being fined by government agencies because illegal activity had been discovered on your computer.

How does ransomware impact its victims?

Ransomware usually reaches a smart device through the internet or through an application. So if you or your employees visit unsafe or fake websites, click on malicious links online, open suspicious emails or install strange applications, there is a likelihood that a ransomware infection could have taken place. And once this happens, you are locked out of your applications or information through encryption.

The impact on a victim of ransomware can range from lost productivity, financial loss and legal fees to PR disasters and even loss of creditworthiness. All of these stem from the fact that many users are unaware of how to remove ransomware when they come across it, plus the fact that it is very difficult to restore data to its original state once a ransomware attack takes place. Paying the hacker to release your data isn’t necessarily going to help, as seen this month in Kansas, where the Kansas Heart Hospital is yet to get its data after making the demanded payment.

What are the most prevalent ransomware attacks?

TeslaCrypt was the most notorious ransomware of recent times, with Microsoft reporting it as accounting for a 42% share of all ransomware attacks among the top 10. However, in a surprising move this month, the authors have closed shop and released TeslaCrypt’s master encryption key, allowing all affected victims to get their data back at no cost. But whether this is a charitable gesture or a far more malevolent action is yet to be determined. Bleeping Computer reports that previous distributors of TeslaCrypt have now switched to the CryptXXX ransomware.

Other ransomware in the top ten includes Crowti, Fakebsod and Brolo. The United States, Italy and Canada are reported as the countries with the highest instances of detection of malware, with the US having a whopping 50% share of the malware attacks in the top 10 countries globally. In my opinion, we are going to see a lot more of these attacks, particularly as IoT gains prevalence in mainstream electronic devices. Fancy a car being taken hostage through malware, or even worse a fleet or a model; that is very scary!

How to deal with ransomware attacks?

Prevention is better than cure, so I would say that proper precautionary measures such as up-to-date antivirus and software, offline backups, data encryption, and secure browsing, downloading and email habits are the main steps that individuals and organizations can take to protect against ransomware.

There are ransomware removal tools from the main cyber security vendors, including Kaspersky, Norton, Bitdefender, McAfee and Microsoft, who frequently issue specific decryptors to deal with targeted ransomware. These tools decrypt files that have been encrypted by ransomware and also remove the ransomware itself. However, with new malware appearing every day, it is tough for these vendors to keep up, and woe to you if you get infected with zero-day malware for which a fix has not yet been released.

Who can help you with ransomware?

Getting a managed service provider who can help you deal with security issues can be a great help, especially when it comes to malware. NIC is such a cyber security partner, offering the constant vigilance and proactive measures your business needs to stay ahead of the growing threats. We cater to businesses of all sizes and currently assist numerous companies in developing their DR plans and backup services. Contact us and see how we can help you stay ahead of these threats through our cyber fusion center.
