The Rise of Ransomware Webinar Recap
We recently held a webinar in conjunction with The Crypsis Group on the rising threat of ransomware. Panelists included our CTO Trevor Hawthorn, who joined the company in 2015 as part of our ThreatSim acquisition, where he was co-founder and CTO. Matt Ahrens, VP of Incident Response at The Crypsis Group, who has 15+ years of security experience, rounded out this expert team. Feel free to consult our summary below, or view the webinar in full here.
The Rise of Ransomware
Ransomware attacks happen at all levels of the internet and take a variety of forms, with ransom demands ranging from small to large amounts. Roughly $24 million was spent on ransomware payments in 2015 alone. The threat of ransomware continues to increase as attacks are growing in complexity and speed. This type of malware is particularly troubling for individuals or organizations who don’t have proper backups in place, as it prevents or limits users from accessing their systems and forces unprepared victims to pay the ransom through certain untraceable online payment methods, such as Bitcoin, in order to resume business as usual.
The number of users who have encountered crypto ransomware in 2016 has risen 500% from the previous year, with a 300% increase, on average, of ransomware attacks per day. This dramatic rise in activity can be attributed to multiple factors, which include:
- The large number of available targets, from consumers to global organizations
- The variety of entry points (malicious links/attachments, end-user vulnerabilities, etc.)
- The proliferation and anonymity of digital currency such as Bitcoin
If you’d like to learn more about ransomware, you can download the presentation slides and view the webinar in full by visiting the link below.
Types of Ransomware
Ransomware takes many forms, but the most common types are as follows:
How Ransomware Works
The majority of ransomware attacks start with an email that includes a link or attachment that looks legitimate, and are often part of a social engineering scheme. From an end-user perspective, ransomware works in the following way:
- User clicks on ransomware link or attachment
- Malware has anti-sandboxing techniques enabled
- Ransomware message is deployed from other infected computers
- Ransomware payment screen appears
While ransomware is a threat to all organizations and industries, the general lack of overall data and information security has made the healthcare industry a prime target for ransomware attacks. The sensitive nature of patient data puts officials in a very tough position, as resources are often focused on HIPAA compliance rather than security. A recent Kaspersky poll indicated that 84 percent of U.S. business owners would not pay if attacked by ransomware, even if it meant losing data permanently.
Ransomware Response and Prevention
According to Webroot, there is a 50% chance end users will encounter a phishing site in 2016. Our 2016 State of the Phish™ report found that 85% of security professionals surveyed indicated they had been the victim of a phishing attack in 2015, a 13 increase from the prior year.
In the case of a ransomware incident, a fast response time is crucial to having any chance of recovering data. It is important to immediately disconnect your device from every network it is connected to, turn off any wireless capabilities, and unplug any external hard drives or USBs. Once this step is complete, assessment of the scope and strain of the attack can begin in order to determine a response. The Crypsis Group employs a strategy called the Crypsis I.C.E. Methodology™, which is a useful response tool if ransomware hits.
In an ideal world, your end users shouldn’t be falling for ransomware, as phishing attacks are the primary infection vector. The following best practices will equip your organization to be prepared in the event one of your end users falls prey to ransomware:
- Develop an Incident Response Plan
- Conduct regular back-ups and monitor back-up systems
- Deploy frequently updated anti-virus and content filtering rules
- Perform regular perimeter vulnerability scans and pen tests
We recommend putting a comprehensive security awareness and training program into place as an effective means of educating employees on best practices and habits. Good anti-phishing behaviors are, by extension, the best ransomware prevention money can buy. Our portfolio of 18 interactive training modules can help improve your organization’s cybersecurity posture. Explore our training portfolio to learn how we can help protect your end users from ransomware and other threats.