16 September 2016
Blogs by author: Global Services
The year data was held to ransom.
In 2016 more organisations and individuals have fallen victim to ransomware and DDoS extortion demands than ever before.
The second blog in our web security series focuses on ransomware: a type of malware that encrypts files and data, demanding payment before they can be accessed. Initially, it was directed at individuals, but cyber criminals have since become wise to the lucrative prospect of attacks on large organisations.
These companies won’t get away with paying consumer rates. For an insight into just how much we’re talking, an FBI source estimates that cyber criminals collected $209 million from ransoms in the first three months of 2016.
The year’s headline act? Locky. It sounds like the name of a cute cartoon character, but there’s nothing nice about this nasty ransomware variant.
On a single day in February 2016, it was used to target half a million victims around the world.
It’s typically delivered by an email, and anti-virus detection is increasingly inconsistent. It scrambles any files, in any directory — including removable hard drives, other people’s computers and any connected servers. It even removes Volume Snapshot Service files — all those autosaved documents.
Infecting between one and five machines every second, it doesn’t discriminate. Locky targets all industries and types of user. So everyone, and every business, is vulnerable to it.
This old favourite is alive and well, and it’s seen some serious evolution over the year, mainly focused on obfuscation and evasion. It now targets more file extensions and has a range of new delivery modes, including exploit kits infecting WordPress and Joomla websites.
It’s a prime example of how even older forms of malware pose a constantly evolving threat.
The rest of the gang.
As well as the two key players, other ransomware strains, including CryptoHost, Jigsaw, Petya, CryptoFile2 and Cerber, are all targeting businesses, organisations and individuals.
Showing just how ruthless the cyber criminals are, in California recently, a hospital was forced to pay $17,000, and lost access to its private patient files for five days as a result of a ransomware attack.
There won’t be any let-up in the future. ‘Ransomware-as-a-Service’ is becoming more popular, and less technically-minded criminals now profit from campaigns like ‘Ransom32’, which provides quick, easy and anonymous management of ransomware.
Ransomware is increasingly accessible to anyone with a desire to extort others and it’s constantly evolving to avoid current security measures. The more lucrative it becomes, the more resources criminals have to launch innovative, successful attacks.
Perhaps the most worrying development is the fact it will soon begin to behave like a worm, meaning it can self-propagate through your networks.
Protecting your data.
According to Jay Chaudhry, CEO of security cloud Zscaler: “Traditional antivirus (AV) is not sufficient. Malware is constantly ‘morphing’ to evade AV protections — and it often does. You need a combination of security measures that block malicious files and ‘sandbox’ suspicious traffic.”
BT’s Managed Cloud Security is a good example of this level of web security. Using Zscaler technology, it helps to ensure consistent protection and policy for all users, both inside and outside their organisation’s network — including mobile users and devices.
It’s one of the most effective defences available against web-based malware because it proactively blocks malware before it reaches your network.
WannaCry Ransomware - listen to Mark Hughes, President of BT Security and Les Anderson, VP, Cyber and CSO, at BT, explain more about what’s happened.
Our report with KPMG, Taking the Offensive – Disrupting Cyber Crime, gives you a detailed view of the current threat landscape, and practical steps your business can take to stay secure in the face of organised criminal entrepreneurs.