
Ransomware Attacks Increased 300% in First Nine Months of 2016

01/24/2017


From January to September of 2016, ransomware attacks targeting companies increased by 300% compared with 2015. Three hundred percent!

Beyond the rise in frequency, attackers have become more deliberate in crafting their spear-phishing techniques and more strategic in how they use social engineering against selected victims.

A recent report from Kaspersky Lab reveals that ransomware attacks against businesses increased from once every two minutes to once every 40 seconds during that period. Consumer attacks in September took place once every 10 seconds.

And the worst part is that a significant number of these attacks are preventable. In fact, one in five incidents that resulted in major data loss was caused by employee carelessness or a lack of security awareness.

“This shows the interest that cybercriminals have in this type of malware (aka, ransomware) and highlights its continued success, despite actions by law enforcement agencies and free decryption tools released by researchers and security companies,” writes Computerworld.

Ransomware works by encrypting a victim’s files and then convincing them the only way to retrieve their files is to pay a ransom. The attackers create a dire sense of urgency by setting a short deadline for payment, and telling the victim that their files will be gone for good if the deadline is missed. Ransomware is so successful because victims continue paying these ransoms.

The Cyber Threat Alliance reports an estimated $325 million in payments for the CryptoWall 3 ransomware alone during 2015. These payments provide both incentive and financing for further ransomware development by the bad guys. 

The best defense against ransomware is prevention. However, since prevention eludes many, we also prescribe recovery and education.

Our team of Network Engineers put together the following recommendations for best practices to follow. ALL components combined make a significantly more effective security solution.

Prevention

  • Windows and Application Updates – Keep your computers updated with the latest patches for Microsoft Windows and your applications (e.g. MS Office, Java, Adobe Flash, etc.).
  • Endpoint Protection:
    • Antivirus – Maintain actively supported antivirus software with updated virus definitions. Alerting should be configured to notify IT personnel when an infection occurs.
    • Antimalware – Maintain actively supported antimalware software with updated malware definitions. Alerting should be configured to notify IT personnel when an infection occurs.
  • Firewall – Your firewall should be configured to scan and block ransomware and virus threats. A good firewall that comes as part of a UTM/security bundle should be able to support advanced scanning for ransomware and virus threats. LBMC Technology Solutions offers WatchGuard appliances for organizations of all sizes.
  • Limit Scope – Users should only have permissions to the files and systems that are necessary. 
  • Educate Users – Most threats enter the system through email or web browsing.  Users should always be vigilant as they browse the web or click on a link in an email.  For instance, if you are not expecting a package from FedEx, don’t open the attachment or, better yet, just delete the email. 
  • Monitor – Review logs and alerts frequently for potential threats. 
  • Backup, Backup, Backup – While backups do not prevent infection, if they are done correctly and often, recovering from an intrusion can be much easier, faster, and less damaging. Always have a multi-level approach to your system backups with many recovery points.  These recovery points should not be accessible or vulnerable to end users.  You should have plenty of retention and backups should be tested regularly.

Recovery

  • Stay calm. While this may be maddening advice at the time, it will allow you to react more appropriately.
  • Don’t pay the ransom. As mentioned earlier, hackers are not the most trustworthy lot. While the end result may require relinquishing funds, you should have an expert look at the situation first.
  • Engage a reputable IT consulting firm. A qualified Network Engineering team can determine the best plan of action to mitigate damage, and set up your systems following best practices to avoid future disasters.

Unfortunately, it seems malware, especially ransomware, is going to continue to be a problem. However, with vigilance and the right regimen to ward off and manage exposure, businesses and individuals can avoid or reduce its impact. 

Contact LBMC Technology Solutions to perform a current situation analysis to see where you stand compared to the best practices we encourage our clients to use.