If there is one major cybersecurity lesson we learned last year, it was this: ransomware is here, and it isn’t going away anytime soon.
Ransomware is a type of malware that severely restricts access to a computer, mobile device, or file until the victim pays the demanded fee. Often, it arrives in the form of a phishing email or message and begins its foul work as soon as it reaches your system. Regardless, victims are presented with a choice: pay a hefty ransom to regain access, or kiss it all goodbye.
The first option is unpleasant. The second is unrealistic. So, many organizations wind up paying the ransom. But consider the consequence of doing so. If an organization coughs up the money, it’s not only funding cybercrime, but it’s also sending a signal to cybercriminals: “Hey, we’ve got money, we’ve got important data, and our systems aren’t equipped to combat such an attack, so we’re willing to pay what is demanded to get access to our stuff.”
In addition, we’ve learned from the past that ransomware isn’t a one-time deal. Take, for example, a Kansas hospital that was extorted twice. After the hospital succumbed to the initial ransom, the attacker demanded a second payment to unlock all files. In another instance, a Michigan radio station was hit with ransomware twice in two weeks.
Ransomware halts your business, halts productivity and, potentially, sets your organization up for failure. And those who’ve been affected by ransomware stand a good chance of being re-infected this year. For this, you can thank the number of digital entry points in an organization that a cybercriminal can exploit.
First on their list is email, the most common medium for ransomware and the easiest for cybercriminals to abuse. Even victims that take the necessary precautions to detect and remove suspicious files from their email – sometimes going so far as to undergo phishing detection training – are still at risk. This is because phishing attacks, which are messages that trick people into downloading or opening corrupted files, are difficult to detect by nature. If someone has been tricked once, they could very easily be tricked again.
Another tool is called a “backdoor.” It’s just like it sounds: cybercriminals build backdoors into networks for prolonged spying and re-infection. A backdoor is a technique in which a system’s security mechanism is bypassed undetectably to access a computer or its data. This means a cybercriminal can re-infect a network if a company does not perfectly clean and remove malware from its devices. All the cybercriminal has to do is wait for the right opportunity. Ransomware variants that install backdoors for later use are uncommon now, but they do exist and cybercriminals are actively testing them.
Source: SANS ISC SecNewsFeed @ February 28, 2017 at 01:09PM