Despite the efforts of cyber security professionals all over the world, cyber risks are on the rise, hitting the critical services of even high-profile companies. Among these, ransomware attacks have been garnering more attention recently. Ransomware is a specific model of attack that capitalizes on the victim's fear. In a ransomware attack, the victim's system is infected through phishing emails or direct downloads, after which the attacker uses scare tactics to extort money by preventing or restricting access to the victim's critical data files. Over the years, ransomware has evolved into a highly profitable business model, and cyber criminals are realizing its potential through sophisticated encryption, advanced payment options and effective means of enticing users. The leading global cyber security organization Symantec reveals that "ransomware attacks are growing in number, sophistication and menace and over 100 new ransomware families were identified in the year 2015 alone". Global losses from ransomware attacks now run into hundreds of millions of dollars.

Ransomware is mostly self-propagating in nature and can infect an entire organization once a single system is compromised. It can restrict the user's access by encrypting the most sensitive data files or can lock down the system completely. Designed for direct revenue generation, the perpetrators then apply scare tactics and demand a large ransom for restoring access. The payment method preferred by ransomware attackers is bitcoin, a type of digital currency, which offers them the advantage of non-traceability in online money transfers. The most common type of ransomware is crypto ransomware, which encrypts the victim's sensitive data files. The second most common type is locker ransomware, which locks the victim's computer and denies access to it.
The targets of ransomware attacks can be both consumers and organizations, including home users, small to large businesses, public or government agencies, and even politicians and celebrities. Ransomware attacks target sensitive information such as business proposals, personal information, bank details, passwords and customer information, a breach of which can have catastrophic effects on a business or on an individual's life. The user cannot access a machine hit by ransomware because the attacker takes control of the critical files and encrypts them. The consequences of a ransomware attack include temporary or permanent loss of sensitive information, interruption of regular operations or services, financial losses, and reputational damage for the victims. In most instances, recovering the data is extremely difficult and may require the assistance of data recovery specialists.
There are various ways in which ransomware can hit a consumer or an organization. One of the most prominent methods of spreading ransomware is malicious spam email, usually distributed using botnets. Infection can also happen through social engineering tactics or direct downloads. The email or the downloaded file carries a malicious attachment, and once the victim opens it, the malware either encrypts the data on the system or locks the system, depending on its type. The attacker's server then notifies the victim, demanding a ransom to decrypt the files or unlock the system. Attackers may heighten the fear with a countdown clock for paying the ransom, typically warning that once the deadline passes the encryption key will be destroyed or the ransom amount doubled. Paying the ransom is no guarantee of recovery: the consumer or organization may still lose the files even after payment.
Consumers, small businesses and enterprises must implement multilayered defense mechanisms to deal with ransomware attacks.
Efficient data backup: Organizations must maintain regular backup and recovery plans for all the critical data they store. The backups should be tested, and the backed-up data must be stored on separate devices, preferably offline.
Regular patch updates: Application and operating system patches must be kept up to date and tested, so that known vulnerabilities are closed. Efficient patch management reduces the chances of attack through exploitable weak links.
Restrict use of elevated privileges: Organizations should follow a restricted-privilege (least-privilege) model of access for users, to reduce the chances of unwanted software or applications being installed and run by them.
Antivirus update: Systems must run the latest antivirus software, and all downloaded files must be scanned with it.
Implement application whitelisting: Organizations must follow an application whitelisting process, which prevents the system and network from being infected with malicious or unauthorized applications.
Create user awareness: Users are the weakest link in cyber security, and educating them through proper training is important. Security professionals must stay aware of the latest trends in this space and educate users about spam emails and phishing attacks.
Email protection: Organizations must keep a watchful eye on their email traffic. They should block email messages with attachments from suspicious sources.
Endpoint protection: Organizations must protect the endpoints by preventing malicious files from running.
Nurture good security practices: Organizations must maintain good security habits and safe practices when browsing the web and must safeguard the data with appropriate controls.
Follow an integrated approach: By following an integrated approach to cyber security, organizations can largely address the challenges of managing cyber risks, including ransomware attacks. The Happiest Minds Cyber Risk Protection Platform (CRPP) is such an integrated platform: it helps organizations leverage multiple security technologies, including SIEM, advanced and next-generation network security, endpoint security and DLP, and provides deeper analytics and insights for an integrated approach to handling the overall threat lifecycle. CRPP is a cloud-hosted platform and can be consumed in a subscription-based model. CRPP is a risk-aware, identity-aware, data-aware and environment-aware platform, providing complete visibility of the security posture.