Held to ransomware Thursday, 06 April 2017

News article written by Corbett Communications. The statements made or opinions expressed do not necessarily reflect the views of Engineers Australia.

In 2016, 20% of businesses worldwide were affected by ransomware - malware that scrambled a business’ data and demanded a ransom to decode it. The number of spam email attacks is increasing and becoming more sophisticated, with the ransomware industry pocketing up to $1 billion in 2016. According to IBM Security, incidents spiked 6000% on the year prior, with most victims paying the ransom of $10,000 to $40,000.

Russia’s internet security company, Kaspersky Lab, called 2016 “a tense and turbulent year in cyberspace” stating 32% of computers were subject to at least one malware-class web attack and that its software had repelled 758 million attacks launched world-wide. It also said over one million unique users’ computers on its books were targeted by encryptors.

Kaspersky revealed 42% of SMEs fell victim to a ransomware attack in 2016. One in three of those paid the ransom but one in five never got their files back despite paying. On the whole, 67% of companies that were affected by ransomware lost part or all of their corporate data, with one in four spending several weeks trying to restore access.

Both businesses and individuals are at risk, an example of which includes a Californian hospital forced to pay out $17,000 in bitcoin to retrieve its data. IBM found 40% of consumers would be willing to pay more than $100 to get their data back, but most individuals hand over around $300 when hit with ransomware. In an age where personal information, photos and mementos are in digital form, individuals are being indiscriminately targeted.

CTB-Locker ransomware accounted for a quarter of all ransomware followed by Locky at 7% and TeslaCrypt with 6.5% (active for five months). Kaspersky said 62 new ransom families were detected in 2016, with an 11-fold increase in the number of modifications in less than nine months. It said ransomware operators are now focusing their spear-phishing and social engineering attacks on specific organisations or industries more likely to be affected by the loss of data.

In this country, despite sending out bi-monthly phishing drives to its staff, Australia Post found almost half of them fell for fake emails even though 43% said they wouldn’t be tricked. When the organisation detected its employees were also not engaging in ransomware training, it decided to up the ante but took things a little too far.

To prevent ransomware attacks, ebook Cybersecurity spotlight: the ransomware battle recommended:

• Keep clear inventories of all digital assets and their locations and keep all software up-to-date, including operating systems and applications.

• Back up all information every day, including information on employee devices, so encrypted data can be restored if there’s an attack and back up all information to a secure offsite location.

• Segment your network: don’t place all data on one file share accessed by everyone in the company.

• Train staff on cybersecurity practices, emphasising they should not open attachments or links from unknown sources and develop a communication strategy to inform employees if a virus reaches the company network.

• Before an attack happens, work with your board to determine whether your company will pay a ransom or launch an investigation.

• Perform a threat analysis in communication with vendors to go over cybersecurity throughout the lifecycle of a particular device or application and instruct information security teams to perform penetration testing to find any vulnerabilities.

Author: Desi Corbett


#ransomware #malware #ransom #CTB-Locker #Locky #Kaspersky #IBM #encryptors #cybersecurity