If ransomware isn’t at the top of your cybersecurity concerns, it should be. Ransomware attacks quadrupled in 2016 and will double again in 2017, according to a report issued by Beazley, a provider of data breach response insurance.
It’s now the most profitable type of malware attack in history. That’s because cybercriminals have discovered how financially rewarding—and effective—it can be, especially against larger targets with business-critical data stored on file shares. Here are just a few stories about attacks from both coasts:
- Los Angeles Valley College paid $28,000 to hackers
- Hollywood Presbyterian Medical Center paid $17,000 to regain access to its data
- Hackers infected 70% of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts
As you can see, it’s not only consumers anymore who are being hit by ransomware, but businesses and organizations of all types.
Ransomware is easier and more effective than ever for criminals to use
The ransomware business model has reached a level of maturity that encourages cyber-criminals and ransomware gangs to cash in. There are three major trends that have contributed to the surge:
- Better encryption: The use of strong encryption methods makes it far more difficult for victims to determine the decryption key on their own.
- Digital currency: Bitcoin and other digital currencies make it easier for attackers to get paid while remaining anonymous. Using Tor networks also helps maintain anonymity.
- Ransomware-as-a-Service (RaaS): Ransomware authors provide customized, on-demand versions of malware to distributors. The author collects the ransom and shares it with the distributor in a classic affiliate distribution model. With RaaS, ransomware attacks become accessible and profitable for any potential threat actor, which is helping drive an increased volume of attacks .
Remote encryption broadens reach
Even if only one endpoint is infected, ransomware can encrypt files both locally and on corporate file shares. This not only holds data hostage for the infected user, but also for all other users that need to access the compromised file store. An active ransomware attack can bring your business operations to a halt until systems and files are restored.
Can ransomware be stopped?
Many organizations have inadequate protection against ransomware despite expending significant cost and effort to implement layers of security solutions that can help prevent and detect malware infections. Instead, these organizations have resorted to paying the ransom because their businesses have been crippled by the lack of access to critical data and devices.
Given the speed at which ransomware impacts organizations, security teams need solutions in place to detect ransomware at the earliest stage possible. This requires a solution that offers:
- Real-time file access monitoring for file servers and network attached storage (NAS) devices
- Automated, policy-based and deception-based detection of ransomware on file storage systems
- Blocking of infected users or devices based on file access behavior
- Detailed audit trail to support immediate forensic investigation
You can learn more about ransomware trends, why common security solutions aren’t enough, and how you can protect data at the source in our eBook: “Insider’s Guide to Defeating Ransomware: Protect Your Data at its Source.”