Technology

Cybersecurity alert: What you need to know about ransomware

Ransomware:  What you need to know to make the best decision


2016 is shaping up to be a year of extortion, making cybersecurity a must-discuss topic among businesses.  Cyber criminals are making a mint on ransomware as noted by the Federal Trade Commission Chair that ransomware is the most profitable malware ever devised. Criminal syndicates are now offering ransomware as a service that enables individuals to buy kits for a low dollar amount and then spread havoc to organizations to collect ransom.

With numerous variants being created, cyber criminals are increasing their attacks, the amount of ransom demands, and the sophistication of the ransomware. In fact, Ransom32, a new ransomware, has been publicly reported as the first ransomware that is allegedly based entirely on JavaScript. Thus, unlike some other ransomware that impacts Windows operating systems (OS), Ransome32 can purportedly be used against other OS such as Linux and Mac OS.

Many businesses are playing defense and are not prepared to deal with ransomware.

What is ransomware and how does it disrupt?

Ransomware encrypts files, immediately locking the owner out of his/her own data. Often, the owner will see a ransom note through a splash screen displaying the ransom amount to be paid to unencrypt the files as well as a required time period for when the payment is to be made, commonly 48 to 72 hours. This ransom note may include detailed payment instructions requesting the payment in Bitcoins,[1] a popular digital cryptocurrency.  If not paid, the ransom payment may increase, or in some cases, the files may be locked indefinitely.

The most commonly observed infection vectors for ransomware:

  • Large scale opportunistic phishing campaigns where an employee opens an email and accesses a link that drops ransomware onto the employee’s system.
  • An employee visits a compromised or malicious website hosting malware.
  • An intruder penetrates a network and installs ransomware.

Tough choice: to pay or not to pay

Is it better to pay and hope to have the files unencrypted or choose not to pay and deal with the impacts to the business?  For those organizations that have sufficient file backups, the ransomware threat is reasonably mitigated as the business can proceed without having to unencrypt the impacted files.  Other organizations that do not perform timely and sufficient backups are required to deal with the decision of whether to make a payment or face the business implications of losing the data. To further complicate these decisions, a payment may be made but the ransom website and infrastructure may be contemporaneously taken down by law enforcement, or other competing criminals.  This results in the worst-case scenario where a corporation pays, but the criminal can no longer unencrypt the files.

Preparing for ransomware – 7 key questions to consider

To proactively prepare for when ransomware impacts your organization, here are risk-management topics to discuss within your organization.

  1. Backups: Are backups being performed timely, tested and segmented properly?
  2. Digital wallets:  What is the strategy to pay if ransomware encrypts files and there are no backups?
  3. Legal:  What are the accounting and legal considerations with paying the ransom?
  4. Incident response plan:  Is there a plan and does it work?
  5. Board and C-Suite:  Is the board and C-Suite properly educated about the risks of these types of attacks? 
  6. Employees:  Are employees effectively trained to know not to execute “click the link” downloads?
  7. Prevention software:  Does the company’s anti-malware solution specifically detect ransomware?

[1] As of November 1, 2016, one bitcoin equals approximately $729.


Related reading — the outside forces that impact your business:

Category: Technology

Tags:  , , ,

About the Author: Bill Hardin

Bill Hardin is Vice President at Charles River Associates. He has worked on hundreds of forensic engagements in the areas of data breach and cyber incident response, theft of trade secrets, white collar crime, FCPA investigations, and enter…

Learn More

Leave a Reply

Your email address will not be published. Required fields are marked *