Why ransomware should be feared by companies of all sizes
Ransomware is a powerful cyberthreat that can bring any organization to its knees. It’s a popular tactic among hackers looking for financial gain, or to take down an organization for political or moral reasons -- and it works. In 2015, the Internet Crime Complaint Center (IC3) received 2,453 complaints identified as ransomware, resulting in more than $1.6 million in company losses.
While some think ransomware is only a threat to large enterprises or government organizations, recent activity shows that it doesn’t discriminate based on the size or significance of an organization. According to a warning from the FBI earlier this year: "Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them".
So far in 2016, we’ve seen several companies fall victim to ransomware, including:
- The Leavine Family Racing team of NASCAR was infected with TrueCrypt malware via a team member's laptop, resulting in crucial test data being locked up two days before a big race. TrueCrypt works by adding an .enc extension to compromised files. This attack uses AES-256 encryption, generating public encryption and private decryption keys during the attack. Hackers hold the files ransom and will provide a private key that is stored on a command and control server only if the victim pays the hackers' demand. In this case, the team paid as it prioritized its race performance over the money it would lose to get the data back -- the exact calculation the hacker was counting on when he or she made the demand.
- Deemed one of the most high-profile ransomware attacks ever, Hollywood Presbyterian Medical Center was attacked using malware that infected all the organization’s computers, preventing hospital staff from accessing electronic medical files and communicating from computer devices. The attack lasted weeks, caused serious disruption in patient care and put patients’ personal healthcare data at risk, ultimately forcing the hospital to pay the $17,000 demand. The big payout is blamed by some for the surge in ransomware attacks on hospitals this year - hackers assume that if it worked once, why wouldn’t it work again?
- Horry County Schools in South Carolina were attacked using malware that entered through an out-of-date server and used high-level encryption to freeze files stored on 25 servers. A company spokesperson admitted that the school was "willing to pay because it’s a small amount compared to the man hours already lost trying to solve the problem". This is a sentiment shared by many small or mid-sized organizations that simply do not have the resources to fight off the attack - a contributing factor as to why ransomware is not an enterprise-only issue.
The FBI warning goes on to say:
"Ransomware has been around for a few years, but during 2015, law enforcement saw an increase in these types of cyber attacks, particularly against organizations because the payoffs are higher. And if the first three months of this year are any indication, the number of ransomware incidents—and the ensuing damage they cause -- will grow even more in 2016 if individuals and organizations don’t prepare for these attacks in advance".
Don’t become a victim simply because you think it can’t, or won’t, happen to you. Here are a few prevention tips that will benefit all organizations:
- Back up files daily, and ensure that backup systems have the latest security updates.
- Educate employees on how to recognize common ransomware entry points, like phishing emails, malicious online ads and infected email attachments.
- Scan email attachments and identify malicious files before they are downloaded and opened.
- Use only trusted security solutions that provide around-the-clock customer service.
These simple preventative measures can go a long way to protect an organization. No company is bulletproof, but the harder it is for a hacker to infiltrate an organization, the more likely he or she will move on to an easier target. Ransomware is powerful, but it’s also avoidable with the right tools in place.
Ofir Agasi is Director of Product Marketing at Cato Networks with over 12 years of network security expertise in systems engineering, product management, and research and development. Prior to Cato Networks, Ofir was a product manager at Check Point Software Technologies, where he led mobile security, cloud security, remote access and data protection product lines. Ofir holds a B.Sc. degree in Communication Systems Engineering.