Tim Mullahy* says ransomware is more advanced than ever — and it shows no signs of slowing — so you need to know how to protect yourself.
According to analysis by cybersecurity firm Carbon Black, ransomware continues to advance.
If you’ve been paying attention to the news, that should come as no surprise.
Ransomware has never been more profitable, nor more prevalent.
Case in point, cyber insurance firm Beazley Breach Response Services recently announced that it’s seen a sharp upturn in the number of ransomware claims.
At the time of writing, this increase shows no signs of slowing.
And that’s not even the most concerning detail.
Lately, we’ve seen ransomware campaigns gradually shift from individuals to businesses.
The most recent example of this is SamSam, which has been tied to at least eight outbreaks in the US alone over the past year.
Unlike most ransomware campaigns, SamSam is specifically targeting organisations — it’s not taking the shotgun approach that most do.
It even offers a volume discount to victims.
In many ways, ransomware is the perfect storm for cybercriminals.
It’s easy to use and easy to distribute.
It’s relatively risk-free and hands-off for attackers, especially with the rise of cryptocurrencies like Bitcoin.
Moreover, there’s a growing market for ransomware — sales on the dark web have exploded from $250,000 to $6 million in a single year.
All these factors together point to one uncomfortable truth: attacks like SamSam are just the beginning.
Moving forward, more and more ransomware will be targeted and personalised to cause the most damage possible.
Malicious code will exfiltrate data prior to encrypting hard drives and servers.
Ransomware will find new vectors to spread over (and more effective ways to utilise tried-and-true avenues of attack).
The problem is that selling stolen data is a whole lot of work — and a reward isn’t always guaranteed.
It takes effort to crack into a server, effort to make off with the right files, and even more effort to put those files into the hands of someone who will pay for them.
Ransomware, on the other hand?
It’s easy to use, easy to distribute, and even easier to profit from.
The message here should be very clear by this point.
Ransomware is going to get much, much worse before it gets better.
If you don’t act now, you could well fall victim to the next WannaCry.
What can you do to prevent that from happening?
Maintain air-gapped backups
Automated backups remain your best defence against ransomware of any kind.
Provided you have all the critical data in your organisation secured on an external server, you can simply wipe any systems that have been infected.
That will turn what could be a devastating infection into a minor inconvenience.
One word of advice, though: keep those backup systems completely separate from your servers.
Ransomware developers are canny.
They know backups are their kryptonite, so many of them are starting to design their malicious code to seek out and encrypt backups as well as servers.
Your best bet is to back up to both the cloud and to a local storage device or server (which is kept completely offline except when files are being backed up).
Avoid unpatched systems like the plague
WannaCry and NotPetya had one thing in common — they both exploited vulnerable systems that should have been patched years ago.
As a matter of fact, 90 per cent of organisations that suffer a cyberattack are hit because of a vulnerability that’s three or more years old.
Don’t let yourself join that number.
Sure, it might cost a lot to upgrade your legacy systems.
Sure, it might be difficult and time-consuming to move from Windows XP to Windows 10.
But it’ll still cost less than seeing your organisation crippled by a ransomware attack.
Research, educate, control
Last but certainly not least, a huge percentage of ransomware now spreads by targeting the one vulnerability that’s completely unpatchable: well-meaning ignorance.
Phishing attacks are at an all-time high, and alongside malvertising they represent a huge threat for your organisation.
Research the common tactics that criminals might use to fool your employees — and educate your staff on proper best practices.
More importantly, make sure you keep things like your email server completely secure, lest a criminal use it to pose as an internal employee.
Don’t let yourself be held for ransom
Ransomware isn’t going away, and it’s going to get worse before it gets better.
You can’t avoid being infected by it altogether.
What you can do is ensure that when you are targeted, you’ve got the security posture to respond immediately — and to prevent yourself from missing a beat as you repair the damage.
* Tim Mullahy is the Executive Vice President and Managing Director at Liberty Centre One.
This article first appeared at bdtechtalks.com.