UK firms prepare for ransomware, the wrong way

One in three UK businesses are stocking up on Bitcoins to prepare for a ransomware data security attack, new Citrix research shows.

It looks like 35% of businesses are willing to sacrifice £50,000 in order to unlock critical data assets if they get struck by ransomware, the study reveals. This troublesome fact indicates that companies are ready to give in to cyber-extortion demands instead of focusing on cyber-prevention strategies.

“Today’s threat landscape is more advanced, more determined and better equipped than ever before to exploit the weaknesses of organizations – many of which house a potential data goldmine,” said Chris Mayers, chief security architect at Citrix, at the InfoSecurity event in London.

50% of the surveyed companies said they don’t back up data daily, a big mistake considering it’s the easiest way to regain files if an attack occurs. What’s more, 13% don’t serialize copies, which means they can’t be reconstructed and recovered in a different environment.

These numbers are more alarming as ransomware is proliferating – over 120 families of ransomware can be found in the wild today, according to Intel’s security experts.

What’s more, phishing volumes in the first quarter of the year are up by 800%, according to PhishMe statistics, and 93% of phishing emails now are pushing ransomware.

“Thus far in 2016, we have recorded an unprecedented rise in encryption ransomware attacks, and we see no signs of this trend abating. Individuals, small- and medium-sized businesses, hospitals, and global enterprises are all faced with the reality that this is now one of the most favored cyber-criminal enterprises,” explains Rohyt Belani, CEO and co-founder of PhishMe.

Malicious emails are typically accompanied by Microsoft Office documents laden with malware or downloaders that install malware.

Statistics from the Anti-Phishing Working Group show phishing attacks have reached a record level in the first quarter of 2016. Between 2015 and 2016, there was a 250% increase in phishing sites.

The spread of ransomware is also aided by the whole malware-as-a-service phenomenon. The distribution of ransomware kits on online black markets enables even non-tech-savvy individuals to purchase, deploy and monetize the malware for as little as $3,000. Considering the return on investment is usually stellar – provided a large enough network of victims – the price is a bargain for someone willing to break the law.

Not long ago, the CryptoLocker/Cryptowall ransomware kit was spotted on sale for such an amount. Its developer even offered business models ranging from affiliation – where both the customer and the developer split the earnings 50/50 – to partnerships that could span to other cybercriminal activities. Besides purchasing the full source code of the malware and the ability to endlessly generate new samples, the developer also offered free 24/7 support.

Key protective measures

These findings emphasize the importance of building a robust IT network that safeguards users from cyber-attacks. As spammers get more aggressive, it’s important for users and companies to strengthen defenses.

Keeping a copy of important files is probably the best way to keep your peace of mind, whether you are a business or end user. Other important protective measures include:

  • Using an endpoint security solution
  • Patching or updating all endpoint software and webservers
  • Deploying a backup solution
  • Disabling files from running in locations such as “AppData/LocalAppData” and deploying policies that restrict users from executing malware
  • Limiting users from accessing mapped network drives
  • Protecting email servers with content filtering solutions
  • Educating employees on identifying spear-phishing emails and other social engineering techniques
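
A restriction on running files from “AppData/LocalAppData” is easier to deploy once you know what already executes from those folders. The Python below is an added example, not from the article or the vendors it quotes: it audits process-launch records for executables under a user's AppData tree. The event records, the `ExampleCorp` allowlist entry and the extension list are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Extensions treated as directly executable (assumed list for this example).
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}

# Hypothetical allowlist: per-user software that legitimately runs from the profile.
ALLOWED_PREFIXES = [("appdata", "local", "examplecorp", "updater")]

LOCATIONS = {"roaming": "%AppData%", "local": "%LocalAppData%",
             "locallow": "AppData\\LocalLow"}


def classify(image_path):
    """Return the profile location an executable runs from, or None if not flagged."""
    p = PureWindowsPath(image_path)          # parses both \ and / on any OS
    parts = [x.lower() for x in p.parts]     # Windows paths are case-insensitive
    if p.suffix.lower() not in EXECUTABLE_EXT:
        return None
    # Expect <drive>\Users\<name>\AppData\<Roaming|Local|LocalLow>\...\file
    if len(parts) < 6 or parts[1] != "users" or parts[3] != "appdata":
        return None
    folder = tuple(parts[3:-1])
    if any(folder[:len(pre)] == pre for pre in ALLOWED_PREFIXES):
        return None
    return LOCATIONS.get(parts[4])


def audit(events):
    """Return (user, image, location) for every launch a block policy would stop."""
    findings = []
    for ev in events:
        location = classify(ev["image"])
        if location:
            findings.append((ev["user"], ev["image"], location))
    return findings


# Constructed sample records, shaped like process-creation log entries.
SAMPLE_EVENTS = [
    {"user": "alice", "image": r"C:\Users\alice\AppData\Roaming\invoice_2016.exe"},
    {"user": "bob", "image": "c:/users/bob/appdata/local/temp/7z01/scan.PDF.scr"},
    {"user": "bob", "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"user": "carol", "image": r"C:\Users\carol\AppData\Local\ExampleCorp\Updater\update.exe"},
    {"user": "carol", "image": r"C:\Users\carol\AppData\Roaming\notes.txt"},
]

if __name__ == "__main__":
    for user, image, location in audit(SAMPLE_EVENTS):
        print(f"{user}: {image} runs from {location}")
```

Anything the audit reports that turns out to be legitimate per-user software belongs on the allowlist before the block policy is enforced.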