Ransomware: Threat Actors’ favorite source of quick cash

Ransomware is a real and costly threat – ransomware damages reached $5 billion in 2017. Some surveys have shown that ransomware losses for businesses can average $2,500 for each incident, with companies willing to shell out upwards of $50,000 to decrypt their data.

The brazenness, prominence, and frequency of ransomware attacks have increased in recent years. Cryptolocker, Cerber, Dridex, Locky, and WannaCry are just a few examples.

A wily type of malware that has been around for 30 years, ransomware seems like it would have been obsolete by now. But the rise of cryptocurrency has helped ransomware gain ground as identifying the receiver of payments becomes harder.

While the stats are not complete due to different disclosure duties and laws, experts estimate that more than half of businesses paying ransoms may not actually receive their data back. One study notes that 45% of US companies hit with a ransomware attack paid the hackers, but only 26% of them had their files unlocked. The average estimated business cost of a ransomware attack, including ransom, work loss, and time spent responding, is more than $900,000.

Given that ransomware has been around for a while, shouldn’t there be a security patch, anti-virus, or anti-malware tool to detect, prevent, and mitigate this threat? There indeed are many tools available. The problem rests with an inadequate information security strategy.

Many information technology shops fail to implement basic information security technical controls and rely solely on backup and recovery methods to restore data. One of the most effective ways to protect against compromise is by limiting what someone can do when they get onto a machine. Consider enforcing these best practices within your organization:

Don’t allow general users to connect to the local administrator account

Limit what software is allowed on the system

Update software, servers, and applications

Implement a training and awareness program that focuses on social engineering

If a user falls victim to a ransomware attack, the infection process must be thoroughly analyzed to determine the path of attack and system vulnerabilities