Cyber attackers have figured out how to take organizations down within seconds. Gone are the days when they’d penetrate a network and scour it for valuable information to siphon. Now, it’s as easy as leveraging one piece of malware to seize the entire trove of data and hold it for ransom.
Ransomware is the online criminal underground’s favorite weapon these days, and it’s working. In 2016 alone, the wave of ransomware attacks that victimized organizations across industries netted cyber criminals roughly $1 billion in profit.
“Ransomware is an indication of a fundamental change in the business model for the bad guy,” Simon Crosby, co-founder and CTO at Bromium, told Infosec Insider in a recent interview. “Instead of the bad guy having to break in, dig around and find stuff that’s maybe of value, and then figure out how to get it out, [they] can just encrypt it in place and charge you for it.”
And boy do they love it.
From 2015 to 2016 the number of ransomware attacks quadrupled, and security experts believe that number will double again in 2017. From plaguing the healthcare industry to even shutting down San Francisco’s Municipal Transport Agency’s network, the attacks are only getting worse as cyber miscreants continue to author new variants of the nasty malware to rake in the profits.
“We’re at this horrible point where the average time of detection to remediation is at around hundreds of days, and crypto malware is encrypting your stuff and dealing with you within seconds,” Crosby says. “This is at a point in time when analysts are telling industry professionals that anti-virus is broken and that what you should do is look for the bad guy inside your organization.”
Many times attackers target the average employee who’s too embarrassed to share with the security team the news that they’ve been pwned, opting to pull out their credit card to pay the ransom.
For organizations that have to meet uptime requirements - such as those in the healthcare and law enforcement sectors - encountering ransomware can force your operations into a complete stop, Crosby says, pointing to examples of recent police departments that paid an attackers ransom just to get back up and running again.
From a defender’s point of view, it may look pretty grim, but there are things that security managers and directors should take into account when combatting this cyber threat.
In this full video interview with Infosec Insider, Crosby not only discusses the ins and outs of ransomware but offers up best practices that security practitioners should leverage to ensure their organizations are prepared for what could be the imminent ransomware attack.
To get an in-depth understanding of ransomware visit InfoSec World 2017 in Orlando from April 3-5 where Ben Rothke, senior eGRC Consultant at The Nettitude Group, will be presenting "Dealing with Cyberextortion, Ransomware, and Other Bad Stuff."