Ransomware is like a thug with a gun: “Pay up, or your data gets it!”
Facing such a blunt demand, many organizations simply cave in and hand over whatever amount of money (usually in the form of bitcoin) is necessary to regain their data. Problem solved? Not necessarily, says Michael Viscuso, co-founder and CTO of endpoint security provider Carbon Black, who sees no easy way out of a ransomware attack.
“It’s still surprising to me that people who have paid the ransom think that the game is over,” he says. “The reality is that the attacker has access to your system and is encrypting and decrypting your files whenever he wants to — and charging you every time.”
And yet, organizations are clearly paying up. Ransomware attacks generated around $1 billion in 2016, according to the FBI. The CryptoWall ransomware alone generated $100 million in payments in 2016, according to Dan Siebert, an inside sales engineer for security at CDW, but in 2015 it caused $325 million in damages in the form of the servers, infrastructure and research spent to defend against it.
James Lyne, global head of security research at security technology company Sophos, notes that many ransomware attackers hide code within decrypted data, allowing them to reinfect the host at a future date. “Because if you’ll pay once, you’ll pay twice,” he explains.
Lyne also warns about the emerging threat of “shredware,” malware that encrypts data without requesting a ransom, effectively destroying it.
“I bring that up because I’ve had a lot of board advisory meetings recently where people have said, ‘Well surely, we’ll just keep a fund, and if our data is encrypted, we will just pay the cybercriminals,’” he says.
Shredware is also a cousin of “wiperware,” malware designed to wipe data from infected systems. Many security researchers concluded that the Petya malware attack that struck in June was actually wiperware, and not ransomware, as many originally thought.
Best Practices to Defend Against Ransomware
Instead of paying, organizations can take steps to defend themselves against ransomware. These steps include:
- Effective backups: IT staff can save themselves trouble and money by implementing regular backup practices to an external location, such as a backup service. In the event of a ransomware infection, backup data can get organizations back on their feet quickly.
- User training: Most infections are the result of users clicking on links or attachments connected to malicious payloads. IT teams can avoid these pitfalls by training users to look out for them.
- Deployment of security solutions: Measures such as anti-malware, firewalls and email filters can help detect ransomware and prevent infections.