The No. 1 security threat organizations face today can be summed up in a single word: ransomware. The FBI reports that ransomware attacks increased dramatically in 2015 and are on track to grow even more in 2016. Researchers at Kaspersky Lab have called it an epidemic. The Institute for Critical Infrastructure Technology has gone even further, warning that “2016 is the year ransomware will wreak havoc on America’s critical infrastructure.”
Ransomware is a high-tech spin on the age-old art of the shakedown. Cybercriminals use malware to encrypt data on a victim’s systems, then demand a ransom to decrypt them. The crooks are betting on the fact that organizations rely heavily upon their data and will be willing to pay to regain access to the files.
Organizations of all sizes and industries have fallen victim to ransomware attacks. Hospitals have been prime targets due to the critical value of patient data. During the last holiday season, online retailers suffered a spate of ransomware attacks that locked the pages of e-commerce sites. Across all industries, the FBI’s Internet Crime Complaint Center received 2,453 reports of ransomware attacks in 2015, totaling $1.6 million in losses. Most incidents go unreported, however, and actual losses are likely much, much higher.
Ransomware has become a lucrative source of income for hackers as the prices of stolen credit card numbers and other private data have plummeted. Most attackers demand payment in Bitcoin or other cyber-currency because it’s untraceable — in fact, the availability of Bitcoin has been linked to the rise of ransomware.
The malware is typically distributed via malicious links or attachments in phishing emails. Once a user opens the link or attachment, the malware launches and spreads quickly to any local or network files attached to that system. A recent backup is the best hope of recovering the files without paying the ransom.
Law enforcement officials say you should not fork over the money, however, noting that criminals have no incentive to actually deliver the decryption key and that paying the ransom only emboldens criminals and most likely funds other illegal activities. Instead, the FBI has issued the following nine tips for dealing with the threat of ransomware.
The best way to avoid ransomware is through common sense and vigilance. Organizations must educate employees about the dangers of this threat, ensure that data is backed up regularly, and keep security systems up-to-date.
- Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
- Patch operating systems, software, and firmware on digital devices.
- Ensure anti-malware solutions are set to automatically update and conduct regular scans.
- Manage the use of privileged accounts. No users should be assigned administrative access unless absolutely needed, and administrator accounts should be used only when necessary.
- Configure file, directory and network share permissions appropriately. If users only need to read specific information, they don’t need write-access to those files or directories.
- Disable macro scripts from Office files transmitted over email.
- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g. temporary folders supporting popular browsers).
- Back up data regularly and verify the integrity of those backups.
- Make sure backups aren’t connected to the computers and networks they are backing up.