Ransomware attacks are becoming so effective that the FBI is predicting ransom payments will top $1 billion by the end of this year.
The number of attacks in Canada has increased tenfold over last year. In a recent high-profile case, the University of Calgary paid $20,000 to regain access to data that was encrypted by covertly installed computer malware.
It’s more important than ever for all organizations to take preventative action, Krystal Wang, senior product marketing manager with Proofpoint told participants in a recent ITWC webinar, Protect Yourself from Ransomware. “It’s becoming so prolific for attackers because it works,” she said.
The latest trends in ransomware
Ninety-nine per cent of the attacks start from links or attachments in email messages, according to the Wall Street Journal and the attackers are “relying on human curiosity to click,” said Wang.
At the same time, these emails are becoming increasingly hard to spot, she said. “The days of looking for spelling mistakes and Nigerian princes are gone. What we have now is really sophisticated and really convincing lures.” Wang noted that attackers are using graphic designers to make the emails look exactly like marketing campaigns from existing companies.
The attackers are also very skilled at developing new products, leading to a 600 per cent growth in ransomware ‘families’ or types, said Wang. She pointed to the meteoric rise of “Locky” ransomware, used in a campaign last month that involved 50 million malicious emails. In this case, the attackers research a target’s social networks to make sure the email relates to your business. For example, it may appear to be from the company they use for package delivery. When they click on the attachment, it will ask they want to enable macros. Once that happens, the files are encrypted and the ransom demand is made.
“This is a big business,” said Wang.“The attackers will even have web pages for help and FAQ to make it easy to pay the ransom.”
Prevention and survival
Wang stressed that this isn’t just a technology issue. It’s a problem that spans people and processes. “At the end of the day, the attackers are targeting us, and we make mistakes.”
The biggest goal of the attackers is to get to a person, especially one that doesn’t know what they’re doing, and exploit their vulnerabilities. That’s why user training is one of the best defence mechanisms. Employees need to know how to recognize suspicious messages and to be more careful when clicking “OK” online.
The number one way to minimize the impact of ransomware attacks is to back up your data, said Wang. “This should be done often and offline to prevent the malware from spreading through shared drives.”
It’s also important to install all updates, review emergency procedures and to invest in solutions that monitor the attack chain in email, social and mobile.
If an attack happens, Wang said that the first thing to do is to disconnect from the network and do not restart. Some types of ransomware have a second stage that kicks in after a reboot, she explained. She also reminded participants to inform the authorities of the attack.
Paying the ransom provides no guarantee the encrypted files will be released. In fact, only 30 per cent of organizations get their data back after they pay. “It’s a gamble,” she said. “If it’s critical information that is needed right away, some organizations will choose to pay.”
Jim Love, ITWC CIO and host of the webinar, also stressed the urgency of taking steps to protect your data. “If you think it won’t affect you, you might want to think again. When it happens, you need to have an answer on what was done to prevent it.”