Who Is Behind The Rise In Ransomware Attacks?
Ransomware currently tops our list of cyber security threats in 2016. If your business finds itself the target of a ransomware attack, the consequences could prove to be devastating. Recently, this kind of cyber attack has been showing up in headline after headline, bringing even large businesses to a grinding halt when they can suddenly no longer access their own critical data and infrastructure.
In early 2016, Hollywood Presbyterian Medical Center was hit with a ransomware infection that demanded a payment of $17,000 in order to regain access to the hospital’s files. The police force in Tewksbury, Massachusetts fell victim to a ransomware attack and the police department was forced to pay the ransom in order to regain access to their systems.
Every Chief Information Officer should be aware of the increasing likelihood of their company becoming the next victim. One question we hear over and over right now is, “Who is responsible for the sudden influx of ransomware infections in the past 18 months, and why are they intent on causing such chaos?”
It’s Always About Money.
In the end, the simplest explanation is sometimes the correct one. Ransomware creators are taking advantage of certain factors that allow them to make money off the victimization of businesses and other organizations around the world. These factors include:
- Untraceable money – Online-only currencies like bitcoin allow hackers to get paid without a traceable paper trail.
- Network globalization – Hackers often work from countries with weak computer crime laws, meaning that even if they are caught committing cyber security crimes in the United States, their home countries won’t extradite or prosecute them.
- Unpatched workstations – Without proper patches, your business is essentially one large vulnerability.
These three factors have created the perfect climate for those who want to rob your business of its hard-earned money. Ransomware creators have reportedly cashed in to the tune of $325 million in profit.
With so much at stake, ransomware creators have doubled down on creating new strains that exploit vulnerable systems.
Forensically Analyzed Ransomware Data Provides Hints
When searching for clues as to the origin of these attacks, researchers discovered an interesting correlation: many ransomware variants do not infect machines that have a Russian keyboard.
Hypothetically speaking, if the hackers behind ransomware were based in Russia, it would make sense that the malware wouldn’t target Russian computers. While Russian cyber security laws (in fact, most countries’ cyber security laws) are lax when it comes to international targets, hackers could find themselves facing serious consequences if they are found attacking computers within Russia’s borders.
The FBI has announced a reward of $3 million for information leading to the arrest of Evgeniy Mikhailovich Bogachev, a Russian national who is allegedly responsible for over 1 million ransomware infections that have led to over $100 million in financial losses for businesses and consumers.
Cyber Crime Attracts Cyber Gangs
With hundreds of millions of dollars at stake, cyber gangs have jumped on the ransomware bandwagon in efforts to generate profits for their illicit operations.
The involvement of these more-organized groups is fanning the flames of ransomware, with new variants of this particular kind of infection being developed at a near-breakneck pace. Because ransomware infections are increasingly targeting specific businesses, the hackers may elect to set the ransom at a price that they think the business will pay. In the case of the hospital at the beginning of our article, the ransom was “only” set at $17,000, which the hackers believed was a fairly reasonable price for a hospital to pay.
Businesses that thrive on data-driven solutions could become the target for a ransomware infection. Employees within these businesses must become educated on the risks of fake emails and visiting hacked websites.
Ransomware Attacks Can Even Come Through Legitimate Websites
One of the more popular ways that cyber criminals target businesses is by hacking websites that end users may visit on a regular basis. For example, there may be a local website that your employees use for research or workplace purposes. If hackers successfully target this specific website, they can effectively target your organization’s internal network with infected downloadable files, exploit kits, and other infectious tools.
If that website does not update its Content Management System (CMS) on a regular basis, the version it runs could be vulnerable to attacks. If the hackers can gain access to these websites, they can replace seemingly innocent download links with links to infected files.
Cyber gangs are increasingly using this tactic to infect unknowing parties who visit the hacked website. More specifically, the Dridex cyber gang has been linked to many of the latest targeted ransomware attacks.
Reducing Your Attack Surface for Ransomware
Cyber criminals exploit businesses that haven’t kept their infrastructures or data up-to-date. Running Windows Updates alone, however, isn’t enough to keep your systems completely safe. Here is a short action list for your organization that will help mitigate these attacks:
- Consider using third-party browser plugins that will check the validity of a website before it is loaded onto your computer.
- Provide training for end users on how to spot and report a potential ransomware attack.
- Disable Flash, Silverlight and Java on all desktops. Consider a whitelisted approach with Microsoft EMET.
- Always perform critical updates as soon as they are released.
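One way to check a desktop against the plug-in and critical-update items in the list above, as an added example that is not part of the original article. It reads the standard Windows uninstall registry keys and queries the Windows Update Agent; the display-name patterns and the function names are assumptions to adjust for your own software inventory.

```powershell
# Added example: audit one Windows desktop for the plug-ins named in the
# action list (Flash, Silverlight, Java) and for pending critical updates.

# Standard uninstall registry keys (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Display-name patterns are assumptions; tune them to your environment.
$patterns = @{
    'Flash'       = 'Adobe Flash Player'
    'Silverlight' = 'Microsoft Silverlight'
    'Java'        = '^Java(\(TM\))? (\d|SE)'
}

function Get-RiskyPlugin {
    # Collect every installed product that exposes a DisplayName.
    $installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName }

    foreach ($name in $patterns.Keys) {
        $installed |
            Where-Object { $_.DisplayName -match $patterns[$name] } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer = $env:COMPUTERNAME
                    Plugin   = $name
                    Product  = $_.DisplayName
                    Version  = $_.DisplayVersion
                }
            }
    }
}

function Get-PendingCriticalUpdate {
    # Windows Update Agent COM API; the search can take a minute or more
    # and needs the Windows Update service to be running.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
    $result.Updates |
        Where-Object { $_.MsrcSeverity -eq 'Critical' } |
        Select-Object Title, MsrcSeverity
}

# Empty output from both calls means nothing was flagged on this machine.
Get-RiskyPlugin | Format-Table -AutoSize
Get-PendingCriticalUpdate | Format-Table -AutoSize
```

An empty plug-in result only means no matching uninstall entry was found; software installed per-user or bundled inside another product is not covered by these keys.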
The Online Trust Alliance says that up to 91% of all ransomware attacks in 2015 were preventable.
In order to keep your company’s system secure and protected against these threats, you’ll want to work with a reputable Managed IT company whose security services are customized to fit your unique budget and needs. At BACS, we’ve made it our mission to be the first to know about new security threats and how to ultimately prevent them from making their way into your system. Give us a call at (650) 887-4601 or contact us online to learn more!