Ransomware first experienced a surge in activity starting in 2015. By 2016, unprecedented profitability made it the first choice for cybercriminals worldwide.
The idea behind ransomware is not new.
The first known example was distributed to AIDS researchers on 20,000 floppy disks in 1989 – but the AIDS Trojan’s coding was so deeply flawed that a reasonably clever IT specialist could reverse its effects without paying the developer behind the application.
By contrast, today’s ransomware developers rarely write their own encryption code. Instead, they rely on professionally developed off-the-shelf libraries that are significantly more difficult to crack. Cryptocurrency provides the perfect cover for obtaining payment without exposing their personal data.
Delivery methods have advanced as well. Traditional phishing has given way to spear-phishing, which uses victims’ personal information to establish a sense of trust. According to a March 2018 report by Symantec, 71 percent of successful cyberattacks occur as a result of spear-phishing.
Cybercriminals around the world have fine-tuned their approach to encrypting your data and holding it ransom. In today’s cybersecurity landscape, it is common for ransomware to remain hidden in your network for months, gradually spreading to mission-critical systems before activating.
By 2016, the ransomware industry was already booming. Within the first few months of 2017, it had experienced a 250 percent increase compared to the same time the year before.
Currently, there is nothing preventing that figure from continuing to rise. For American businesses, the question is not if – but when.
Develop a Ransomware Threat Management Plan
There are steps you can take to secure your data from malicious encryption and extortion. First, you have to recognize the threat and understand the risk management dilemma that ransomware presents.
Ransomware attackers typically activate encryption once they know they’ve gained control of a critical system. Infamous examples include WannaCry and Hollywood, which threatened to close down hospitals in the middle of delivering care.
In these circumstances, most reasonable executives think that the ethical thing to do is to simply pay the ransom. The cost of leaving critical systems inoperative is higher than the cost of paying the ransom, and paying perpetuates the industry by rewarding the cybercriminals.
But paying the ransom comes with no guarantee.
Cybercriminals have no incentive to deliver on the promise of file decryption. In fact, they have a clear financial motivation to repeat the process, and if victims don’t take the proper steps to mitigate whatever vulnerability was exploited in the first place, it will happen again.
This is why the City of Atlanta chose not to pay the ransom following the large-scale cyberattack it suffered in late March 2018. The city’s computer system has remained partially inoperative since. Police officers have taken to filing reports manually, residents are paying municipal utility bills in person, and city officials are completing routine tasks working with their personal mobile devices and paper.
The city is functioning, albeit with great difficulty. It was largely unprepared for the consequences of a ransomware attack. This should raise an important question for any executive responsible for the operation of a business organization – are you prepared?
How to Protect Against Ransomware Attacks
Organizations that take steps to protect themselves against ransomware attacks can usually escape their consequences unscathed. The key is having a business continuity solution in place before the attack occurs.
For instance, you could store a backup of your organization’s data on an independent cloud server and configure the server so that your entire team can use it in the event of a data disaster. If an attacker encrypts your on-premises systems, you can simply migrate to the redundant system and continue working.
But the fact is that cybercriminals are increasingly using ransomware as a decoy to cover other forms of attack. Because ransomware is a cheap and easily implemented commodity on the cybercriminal black market, it is an ideal distraction when used in a more sophisticated attack strategy.
Consider what would happen if the attacker’s main goal were to expose your independent backup cloud server.
A ransomware attack can actually be a diversion intended to overextend your resources in one area and leave your defenses compromised while your security team is busy handling that crisis.
Implementing managed network services is the best way to build up your defenses against multi-vector cyberattacks of this sort. With a reputable managed service vendor handling your network connectivity and hardware, you are equipped to weather the ransomware storm without overextending key resources.
The two-pronged defensive strategy that managed network service providers offer isn’t new – it echoes the Periclean Grand Strategy of Ancient Greece. When you build formidable defenses and avoid overextending your own resources, you retain the power to engage threats exclusively in advantageous conditions.
You need to improve your cybersecurity defenses to protect against unknown threats. Find out how DME can help you protect your files against ransomware.