With the growing popularity of ransomware cyber attacks, we thought we’d spend the next few weeks covering the topic so you can better understand what ransomware attacks are, who’s behind them, how to protect against them, and what to do if you become a victim of such an attack. This is post 5 of 6.
Did you know that ransomware has made international headlines for bringing critical infrastructure to a grinding halt? In early 2016, Hollywood Presbyterian Medical Center was hit with a ransomware infection that demanded a payment of $17,000 in order to regain access to the hospital’s files.
Another notable high-profile ransomware attack targeted the police force in Tewksbury, MA. The Tewksbury Town Crier reports that the local police department was forced to pay the ransom in order to regain access to their systems.
While every CIO fears a ransomware attack on their network, one major question still looms: Who is responsible for the sudden influx of ransomware infections in the past 18 months, and why are these malicious actors intent on causing chaos?
Ransomware Attacks are Motivated by Money
Some argue that the love of money is the root of all evil. Ransomware creators have taken advantage of three key factors that have allowed them to wreak havoc on organizations all around the world. These three factors are:
- Untraceable Money – Using Bitcoin, hackers can get paid without a paper trail
- Locality – Ransomware creators live in countries with weak computer crime laws
- Unpatched Workstations – Without proper patches, your systems could be at risk
These three factors have created the perfect climate for those who want to extort your business out of its hard-earned money. It is being reported that ransomware creators have cashed in to the tune of $325 million in profit.
With so much at stake, ransomware creators have doubled down on creating new strains that exploit vulnerable systems.
Forensically Analyzed Ransomware Data Provides Hints
Researchers have discovered that many ransomware variants do not infect machines that have a Russian keyboard.
Hypothetically speaking, if the hackers behind ransomware were based in Russia, it would make sense that the malware wouldn’t target Russian computers since the hackers could be charged with a crime for attacking computers inside of Russia. When these hackers attack PCs outside of Russia, the odds of being indicted for a computer crime drop significantly.
Nevertheless, the FBI has announced a reward of $3 million for information leading to the arrest of Evgeniy Mikhailovich Bogachev, a Russian national who is allegedly responsible for over 1 million ransomware infections that have led to over $100 million in financial losses for businesses and consumers.
Cyber Crime Attracts Cyber Gangs
With hundreds of millions of dollars at stake, cyber gangs have jumped on the ransomware bandwagon in efforts to generate profits for their illicit operations.
The involvement of cyber gangs has fanned the flames of ransomware, with different variants of the malicious infection appearing to target specific industries around the world. Because ransomware infections are increasingly targeting specific businesses, the hackers may elect to set the ransom at a price that they think the business will pay.
Businesses that thrive on data-driven solutions could become the target for a ransomware infection. Employees within these businesses must become educated on the risks of fake emails and visiting hacked websites.
Distribution of Ransomware Through Legitimate Websites
One of the more popular ways that cyber criminals target businesses is by hacking websites that end users may visit on a regular basis. For example, there may be a local website that your employees use on an everyday basis. If hackers successfully target this specific website, they can effectively target your organization’s internal network with infected downloadable files, exploit kits, etc.
If that website does not update its Content Management System (CMS) on a regular basis, specific versions of the CMS could be vulnerable to attacks. If the hackers can gain access to these websites, they can replace seemingly innocent download links with links to infected files.
Cyber gangs are increasingly using this tactic to infect unknowing parties who visit the hacked website. More specifically, the Dridex cyber gang has been linked to many of the latest targeted ransomware attacks.
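A site owner or a security team that watches a frequently visited site can catch the link-replacement tactic described above by comparing the page's download links against a known-good snapshot. The Python below is an added example, not part of the original post; the function names, the list of file extensions and the example.com / example.net pages are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# File types treated as downloads (an assumption for this example).
DOWNLOAD_EXTS = (".exe", ".msi", ".zip", ".pdf", ".docx", ".xlsx", ".js")


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag on a page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def download_links(html, page_url):
    """Return the set of absolute download URLs linked from the page."""
    parser = LinkCollector()
    parser.feed(html)
    absolute = {urljoin(page_url, h) for h in parser.hrefs}
    return {u for u in absolute if urlparse(u).path.lower().endswith(DOWNLOAD_EXTS)}


def changed_downloads(baseline_html, current_html, page_url):
    """List download links that are new since the baseline, with a reason."""
    site_host = urlparse(page_url).hostname
    new = download_links(current_html, page_url) - download_links(baseline_html, page_url)
    findings = []
    for url in sorted(new):
        off_site = urlparse(url).hostname != site_host
        findings.append((url, "new off-site download" if off_site else "new same-host download"))
    return findings


# Constructed sample pages; the example.com / example.net names are placeholders.
PAGE_URL = "https://news.example.com/tools/"
BASELINE = '<a href="/files/timesheet.xlsx">Timesheet</a> <a href="/about.html">About</a>'
CURRENT = ('<a href="https://cdn.example.net/files/timesheet.xlsx">Timesheet</a> '
           '<a href="/about.html">About</a>')

if __name__ == "__main__":
    for url, reason in changed_downloads(BASELINE, CURRENT, PAGE_URL):
        print(f"REVIEW {reason}: {url}")
```

A download that suddenly points to a different host than the one in the baseline is the case to review first; a new link on the same host still deserves a check against the site's change history.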
Reducing Your Attack Surface for Ransomware
Cyber criminals exploit businesses that have become lazy in terms of keeping their infrastructures updated. However, running Windows Updates alone isn’t enough to keep your systems completely safe. Here is a short action list for your organization that will help mitigate these attacks:
- Consider using third-party browser plugins that will check the validity of a website before it is loaded onto your computer
- Provide training for end users on how to spot and report a potential ransomware attack
- Disable Flash, Silverlight, and Java on all desktops. Consider a whitelisted approach with Microsoft EMET
- Always perform critical updates as soon as they are released.
The Online Trust Alliance says that up to 91% of all ransomware attacks in 2015 were preventable.
With ransomware getting so much press coverage in 2016, an organization that has taken the proper precautions will effectively eliminate the risk of having their data held for ransom by a group of cyber criminals.
If you have any worries about your network security, please call us at (833) 482-6435, or click the banner below to schedule an IT security audit so we can find the best security solutions for your business. Preparation for threats like this is a small cost compared to repairing the damage of an actual infection.