Ransomware attacks expected to increase

PhishMe has released its April Cybercrime Alert, warning all organisations that its threat researchers expect ransomware attacks to increase as cybercriminals become increasingly aware that:

Tuesday, 5th April 2016 Posted 8 years ago in by Phil Alsop

§ Ransomware is readily-available and changes faster than detection technologies can respond

§ In most cases, paying the ransom is the only way to free hostage data and systems

§ Recent successful ransom situations will only encourage more attempts

§ Cryptocurrencies such as Bitcoin can be used to force untraceable ransom payments

§ Humans are widely susceptible to phishing, the most commonly used ransomware attack vector

Ransomware has existed for several years but has been primarily used to victimise unsuspecting consumers. However, as PhishMe has observed, hackers are now turning their focus from just private individuals to more lucrative targets such as businesses and government agencies as they employ unbreakable ransomware strains, including: Cryptowall, TeslaCrypt, Locky, Cerber, Troldesh and CTB-Locker.

Rohyt Belani, PhishMe CEO and co-founder explained, “2016 is quickly shaping up to be the ‘year of the ransomware attack,’ which is not surprising, given the current state of information security and how organisations approach their overall defensive strategies. The combination of cryptocurrency, an increase in world-wide data connectivity, poor backup procedures, and employees who are ill-equipped to help defend against phishing attacks has led to the perfect storm for ransomware to succeed."

The most high-profile ransomware attacks the industry has experienced lately include:

§ OS X – Typically thought of as less vulnerable to viruses and malware, ransomware hackers are now successfully targeting OS X systems through sophisticated phishing emails that use KeRanger malware to encrypt the data on a computer and render it inaccessible until a ransom is paid in bitcoins

§ Hollywood Presbyterian Hospital – Using phishing to trick an unsuspecting employee, attackers seized the hospital’s entire IT system, stalled critical healthcare related communications and extorted $17,000 in ransom

§ Plainfield, New Jersey – Using phishing emails targeted at employees researching grants, hackers compromised three servers before city officials were able to pull them offline, effectively locking up the town’s files in order to receive a small sum until the officials turned to law enforcement for help

§ MedStar – News reports are now confirming that this is the latest in a series of phishing-related ransomware attacks on healthcare facilities; while it wasn’t known at the time of this release if a ransom had been paid, media has said the facility confirmed that systems critical to patient care for thousands were locked for a time

Technology Layers Are Insufficient Defence: Arm Your Organisation, Back Up Your Data

As ransomware attacks continue to grow in number and sophistication, organisations should reassess their current security strategy.

There is a common misconception that adding layers of automated defence technologies will reduce the risk of falling victim to ransomware attacks. While endpoint security products and secure email gateways can offer some level of protection, sooner or later a phishing email, which is the most widely-used attack vector, will penetrate defences and an employee will be faced with determining whether or not an email is legitimate or part of an attack. If human targets haven’t received effective conditioning, they are 97 percent more likely to open an email and click on a malicious link or open a malware-laden file attachment that may unleash ransomware. To reduce your organisation’s odds of falling victim to ransomware, take the following key steps:

§ Conduct phishing attack simulations, based on real-world threats, that condition employees to recognise malicious emails

§ Assess your employees’ susceptibility to phishing attacks, leverage industry benchmarks and comparisons that gauge the effectiveness of your defences against peer groups

§ Provide employees with easy, fast and effective ways to report suspect emails to SOC teams and incident responders

§ Provide the incident response teams the tools to rapidly triage, analyse, and operationalise the aforementioned employee attack intelligence

§ Invest in access to phishing threat intelligence and analysis that is human vetted and analysed by expert threat researchers

§ Backup your data appropriately; in many cases this could mean the difference between being forced into a ransom or simply sidestepping demands

Rohyt concludes, "Ransomware attacks have the potential to become the biggest crime in digital history. They threaten every major sector, from the healthcare industry to government agencies, drive unquantifiable financial losses and, in the case of healthcare, could have life and death implications.”

By conditioning employees to recognise and report phishing threats, PhishMe asserts that organisations can build an effective final layer of defence against phishing attacks and ransomware.