If you haven’t been paying attention to the news over the past year or so, you might not have noticed the influx of IT security cases involving what’s known as ransomware. But with this latest type of cyber security breach having evolved from relatively basic extortion to a much more sophisticated (and subsequently much more expensive) crime, the time to start taking proactive measures is now. What’s the best solution? Let’s take a look.
For those unfamiliar, in the most basic of terms, ransomware is a computer virus that infiltrates a system or network and holds its files and data ransom. In a successful breach, the victims are unable to access their data unless and until they pay the ransom amount proposed by the hackers. For those who do not actively and regularly back up their data, paying the ransom is often the only option.
Ransomware differs from other types of malware in that its purpose is not to damage the victims’ data, but rather to ensure a fast and complete payment of the money the attackers demand. Until recently, the amount of ransom demanded has been relatively low – more like a nuisance than a serious financial burden. The turning point occurred around February of 2016, when a well-known US health care provider was breached and held ransom for approximately $17,000.
By all accounts, ransomware is developing into a serious danger to both individuals and businesses alike, and with McAfee Labs predicting that it will remain “a major and rapidly growing threat,” it’s obviously not going away anytime soon. In fact, according to the FBI Internet Crime Complaint Center, cyber extortion has become one of the most serious IT security threats impacting devices worldwide.
Among the various ransomware viruses to spread across the globe, CryptoLocker is believed to be the first and remains one of the most prevalent, having infected hundreds of thousands of computers since it was released in September 2013. It is deployed via a seemingly harmless email message, which gives the appearance that it was sent by a legitimate and trusted source. When the recipient opens the attached file, however, the CryptoLocker virus is launched, immediately encrypting certain files on the hard drive or network. A message is displayed offering to decrypt the data in exchange for a ransom payment.
Perhaps the most concerning thing about ransomware is that nobody is safe. Gartner even predicts that by the year 2019, nearly half (40%) of larger enterprises will have no choice but to employ some type of specialized automated tools if they are to meet regulatory requirements. And not only is every individual and business at risk, but with the increasing sophistication and complexity of hackers and their malware, it’s becoming next to impossible to entirely prevent an IT security incident from occurring.
The key lies in taking a multi-faceted approach. First, organizations should make it mandatory that all systems, applications, data and files are backed up on a regular basis and those backups safely stored elsewhere. Next, a quality monitoring tool should be put in place to weed out malicious threats and hopefully stop as many of them as possible. Finally, automation should be integrated as part of the process so that the very moment an attack occurs, it’s not only identified, but it’s isolated and addressed immediately – before it has a chance to wreak havoc.
What the cyber criminals behind ransomware aren’t banking on is the fact that those potential victims who have this type of scenario in place will not be vulnerable to incoming attacks. Since the incident is immediately and effectively confined, it cannot spread to additional files and data. And because all information was backed up and has been stored separately and securely, the material that the hackers sought to hold hostage can be replaced without the need to pay the ransom. Essentially, an IT security strategy that combines monitoring with automated incident response renders even successful ransomware breaches ineffective.
Unfortunately, ransomware doesn’t appear to be going anywhere anytime soon and the hackers behind this popular form of cyber-crime are becoming savvier by the day. As a result, businesses and individuals alike must take the necessary measures to proactively reduce their risk, keep data and files secure and avoid becoming the next victim.