Organisations must respond to increasing threat of ransomware

New Symantec report finds ransomware numbers and ransom demands are on the rise, with corporations increasingly coming into the line of fire.

  • 8 years ago Posted in
It’s a nightmare scenario for any IT manager, receiving a phone call to hear that hundreds of computers have been infected with ransomware, knocking critical systems offline and putting their organization’s entire operations at risk.
 
That’s what happened to one large organization earlier this year, when it found itself the victim of a carefully planned and executed ransomware attack. What was uncovered from our investigation was a perfect example of an emerging form of corporate-specific attack. While most ransomware gangs have focused on widespread, indiscriminate campaigns, a number of groups have begun deliberately targeting specific organizations in a bid to completely cripple operations and extract a massive ransom.
 
Many of these attacks employ the same high level of expertise we see in cyberespionage attacks, using a toolbox that includes exploits of software vulnerabilities and legitimate software utilities to break into and traverse an organization’s network.
 
The attackers in our example were no different, gaining a foothold on the organization’s network by exploiting an unpatched vulnerability in one of its servers. Using a number of publicly available hacking tools, the attackers mapped out the victim’s network and infected as many computers as they could with a hitherto unknown variant of ransomware.
 
The outbreak caused considerable disruption for the organization, but it could have been much worse. Fortunately critical systems were quickly back online and much of the data encrypted by the ransomware could be restored from backups.
 
These kinds of attacks are still relatively rare, but now that they have been proven possible, the potential opportunity to hold well financed organizations for ransom may motivate more attacks.
 
 
Worrying trends
Symantec’s latest research paper on ransomware finds that it has now grown into one of the biggest dangers facing businesses and consumers today. 2015 was a record year, with 100 new ransomware families discovered. The vast majority of new ransomware discovered is now the more dangerous form of the threat: crypto-ransomware, which is capable of locking away the victim’s files with strong encryption.
 
The average ransom demand has more than doubled and is now US$679, up from $294 at the end of 2015. This year has also seen a new record in terms of ransom demand, with a threat known as 7ev3n-HONE$T (Trojan.Cryptolocker.AD) requesting a ransom of 13 Bitcoins per computer ($5,083 at the time of discovery in January 2016).
Who’s most affected?
With 31 percent of global infections, the US continues to be the country most affected by ransomware. Italy, Japan, the Netherlands, Germany, UK, Canada, Belgium, India, and Australia round out the top 10.
 
While the majority of victims (57 percent) continue to be consumers, the long term trend indicates a slow but steady increase in ransomware attacks aimed at organizations rather than individuals.
 
The Services sector, with 38 percent of organizational infections, was by far the most affected business sector. Manufacturing, with 17 percent of infections, along with Finance, Insurance and Real Estate, and Public Administration (both on 10 percent) also figured highly.
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...