Ransomware

The truth is that ransomware can be the demise of any business. If the proper security measures aren’t put in place to reduce the risk of a compromise, businesses can end up paying in terms of money, customer retention, data loss and reputation. Ransomware has gained momentum in recent news not because it is new, but because of its reputation among businesses; its ease of distribution and its success rates in extortion and compromise make it attractive to hackers.

Recent attacks have primarily been seen in the healthcare industry because of its lack of security controls. Hospitals’ abundance of electronic protected health information (EPHI) also makes them an attractive target. The Hollywood Presbyterian Medical Center in Los Angeles paid 40 bitcoins, which is about $17,000, for the release of its files earlier this year. MedStar Washington Hospital, a more recent victim, experienced system-wide downtime for 1 week because the malware encrypted the hospital’s EPHI systems.

Small businesses do not have it easy either. Houston-based firm Advantage Benefits Solutions faced the terror of ransomware and paid a fee to return its systems to normal functionality. Small businesses are low-hanging fruit for attackers, who know that these businesses don’t spend the money to properly secure their infrastructure, making them an easy target. Law enforcement agencies are overworked with these incidents, so paying the ransom is not frowned upon. In June of 2015 the FBI estimated that CryptoWall, a ransomware variant, cost US organizations $18 million over the previous year. Researchers have seen an uptick in the malware: 4 million samples were discovered in the second quarter of 2015, compared with roughly 1.5 million samples analyzed in the third quarter of 2013.

Ransomware is a family of malware (malicious code) that is used to encrypt the data on your computer and/or mobile device. The data is held hostage for a ransom fee, usually paid in Bitcoin. Once the money is received from the victim, the hacker provides a key to decrypt the data on the device. Extortion is another technique used by ransomware, where hackers demand money in exchange for not releasing sensitive documents that they have obtained from the computers taken hostage. The malware continuously evolves into improved versions, including updates to evade detection mechanisms, and can also be distributed with other exploits. Security companies are only recently developing ‘ideal’ solutions to truly detect and prevent full hard drive encryption by the malware.

To reduce the risk of your computers becoming infected with the malware, you must take a layered approach. The malware is often distributed through phishing email campaigns, removable media such as USB devices, and malicious websites. End-user training is by far the most effective measure of defense. Routine simulations to test your employees’ ability to identify suspicious emails and rogue media are critical to prevention. Reporting suspicious activity to the appropriate IT personnel is important as well. From a network security standpoint, implementing Anti-Virus, DLP and other detection platforms all helps reduce the risk of compromise.