The Basics of Ransomware Explained
By this stage, pretty much all of us have had that call from the bank. “Mr. Ciancio, we’re just ringing today to discuss some unusual activity on your credit card ending in numbers 1234…”. That sinking feeling you get is just the start of what data theft from ransomware feels like on a very personal level. Luckily today most of us have a reasonable handle on the checks and balances we need to have in place to ward off a personal financial blow from a lost, stolen or compromised card.
Zooming out though, we see that most modern-day attacks designed to steal credit card, personal, corporate or even medical data are actually part of much larger, coordinated, highly sophisticated and very lucrative criminal enterprise networks – some even have fully serviced “help desks” set up to legitimize their scams.
But believe it or not, sometimes the bad guys have just the same problems as the good guys. Just as we are overwhelmed with the volumes of big data our businesses are dealing with, so too are the criminals. Their traditional modes of attack have simply yielded too much stolen data; so much so that they don’t even get around to using all their stolen records!
To add insult to injury, while we’re grappling with how to better use our data, they’ve already found a better way to get an optimal return on investment on theirs: Ransomware.
Ransomware represents one of the greatest cyber threats to your business. It’s basically the new-age version of the bad guys taking your top spy hostage and keeping him captive till you pay up. Ransomware is driven by a network of criminal enterprises whose aim is simple – to block your access to your own data – not just personal data, but large silos, if not all, of your critical business data. Then they monetize their attack by trying to sell your own data back to you. It’s not a new tactic by any means, but it is one of the most widespread and damaging threats that SMBs face today. So, baseline, what do you need to know? Here are our three “Rs” to getting Ransomware resistant.
Recognise the Routes of Attack
There are two main routes for a ransomware attack:
- Malicious Email – highly genuine-looking emails with attachments that, when clicked on, will download the ransomware onto your computer.
- Malicious Websites – often legitimate websites that have been temporarily infected so that simple browsing is enough for ransomware to download and install.
Constantly evolving and relentless, ransomware is continuously being reengineered to defeat existing protections. Even the big guys are constantly being exploited so the bad guys can get access to your people and computers: anyone received one of those bogus Australia Post emails last Xmas? SMBs need combat solutions specific to ransomware to avoid getting caught in the net.
Realize the Risks
Sophos tells horror stories out of the US where the Hollywood Presbyterian Medical Centre reportedly paid 40 bitcoins ($17,000) to regain access to its own files, while another major hospital was still not given access to all its files even after paying up on two successive ransomware demands. In Australia, over 6000 cases of malware and ransomware attacks were reported to the ACCC in 2016, with attacks costing businesses several thousands of dollars per incident. There are even reports that a Victorian retailer was hit up for over $250,000 last year, but managed to fly under the media radar.
The ransom paid represents just a fraction of the potential cost to a small to medium-sized business. Indirect costs associated with a ransomware event include:
- time the business is offline,
- resources redirected to resolving threats,
- damage control within the business, its clients and stakeholders,
- the list could go on and on…
Rethink Your Resources
“Yeah, but we have an IT guy that keeps our anti-virus stuff up-to-date.”
The problem with this mindset is that the size of the playing field has changed. Business owners today simply do not understand the enormity of the attack surface or the need for ransomware-specific solutions to deal with the constant level-upping of attacks. Your average in-house IT team (or person) is usually fully occupied trying to keep as many entryways as possible closed off and detecting right-now threats. It’s time for business leaders to be more open to the need to share the burden. Doubling up in-house efforts with an external managed security services provider will help cover more threat vectors, keep security systems and practices cutting edge, reduce unused technologies, and give businesses stronger means of identifying emerging threats. Spreading the work across both internal and external resources also gives SMBs the expertise and leeway to prioritize formulating actual response and recovery plans, not just for the “if” but for the “when”.
Ransomware – it’s time Australian business leaders and SMBs arm themselves with the knowledge, tools and partners to help them realistically assess their exposure. Getting the right type and amount of defences in place is key, right now, before the scale of ransomware attacks on our business landscape starts to mirror that seen overseas.