Businesses - the Next Big Target
Information security, identity and privacy have been perennial hot topics. As the world is witnessing high-profile cyber-attacks, businesses are incurring monetary losses, obstruction in business continuity and damage to their reputation. This has made them focus towards data protection, encryption, privacy, and surveillance as never before. Cyber-attack techniques are evolving at a rapid pace, which the IT security solutions industry is striving to defend with existing tools while gathering intelligence on new vulnerabilities. As a result of these security breaches, it is clear that businesses and other organizations are regularly losing large amounts of confidential data to increasingly well-organized cybercriminals.
The threat landscape
The most discussed malware in 2016; Ransomware either locks an infected computer or encrypts all the files on the system. The objective is to demand a ransom from the victim for letting go off the system or for decrypting the files.
"The advent of RaaS means a large number of cyber criminals can acquire their own ransomware, including those with relatively low levels of expertise"
Due to virtual currencies, it’s becoming a lot easier for criminals to use ransomware, making it more profitable and useful for them. In the recent times, ransomware has evolved from simple screen blockers demanding payments to something far more dangerous.
The main reason that makes ransomware a hard nut to crack is the technology they use to encrypt files. Primitive ransomware families used an encryption method which was relatively easy to break. The modern day ransomware, however, uses a more complex method to encrypt the victim’s files. Here, criminals have two things - a public key for encrypting the files and a private key for decrypting the files. It is the private key that a victim needs to buy in order to decrypt the files. Without this key, the decryption is impossible.
Businesses getting impacted
While ransomware attacks to date have been largely indiscriminate, there is evidence that attackers have a growing interest in hitting businesses with targeted attacks. A number of ransomware groups have begin using advanced attack techniques, displaying a level of expertise similar to that seen in many cyber espionage attacks.
Ransomware attacks against businesses are growing simply because cyber criminals are aware that organizations are more likely to pay as the data held captive is typically both sensitive and vital for business continuity. In addition, it can sometimes be more expensive to restore backups than to pay ransom. A ransomware attack can impact business continuity, productivity, company finances and reputation of the organization.
While the initial impact may be considerable, the long-term effects of anattack may be far more costly.
Amongst all the sectors, banking is being seen as the most lucrative one for attackers. Banking malware is going to be a concern in the coming days for security experts and more importantly users of mobile Internet banking. With almost all banks developing dedicated apps for banking, hackers are going to leverage this as a lucrative opportunity to trick users and generate illegitimate cash to further fuel their nefarious intentions.
The defence strategy
Ransomware attacks have taken various forms in the past but there are several precautions and safety measures that can be easily implemented to prevent and counter these irrespective of where they are emerging from - spam mails or attachments, phishing websites or emails, external drives, anywhere on the internet.
Organizations should also ensure that every device that connects to the company’s network is secured. This includes employees’ smartphones, tablets, laptops and home computers. Protection should comprise anti-malware and/or whitelisting softwares as well as establishing secure policies such as not allowing programs to auto install, blocking ports, web filtering, share access restrictions, and encryption of data. However, the major focus of the organizations should be on backup and user training. Real-time or near-time backup can be an effective counter measure to minimize the damage caused by ransomware if an infection ever occurs. The infected device can be thoroughly wiped andall applications and data can be reloaded.
Ransomware-as-a-service (RaaS) is an upcoming trend which is gradually gaining momentum. In RaaS, malware Authors sell ransomware along with a customizable kit through the online black market. Interested people can Register and download them for free or a nominal fee. Once the ransomware file is customized as per the requirement, it is then spread through the desired infection vectors. The advent of RaaS means a large number of cyber criminals can acquire their own ransomware, including those with relatively low levels of expertise.
Besides, the growth of the Internet of Things (IoT) has multiplied the range of devices that could potentially be infected with ransomware. IoT security challenge will grow as we will see more cyber attacks creating havoc by using bonnets of infected IoT devices. Cyber Security solutions providers will have to innovate and gear up for such attack along with the growing threats of Ransomware. With a growing awareness of ransomware affecting traditional computers, attackers may turn to IoT to find new, softer targets.