Ransomware: The Fastest Growing Threat in 2016

Eric O'Neill


Carbon Black’s data shows that ransomware instances grew by more than 50% in 2016 compared to 2015. In fact, ransomware emerged as the fastest-growing malware across all industries in 2016, with major increases seen at technology companies, energy and utility companies and banking organisations, writes Eric O’Neill. As a result, we don’t expect ransomware to slow down anytime soon and, seeing as it’s on track to be a $1 billion crime in 2017, it’s still paying significant dividends for attackers.

Not only this, but ransomware is quickly evolving in terms of its sophistication as well. Payloads are increasingly infecting hundreds of machines at once. This was witnessed just last month when a string of ransomware attacks on MongoDB databases left roughly 27,000 servers compromised, with the attackers demanding significant financial reward in exchange for the stolen data.

Cyber security news was dominated in 2016 by the go-to ransomware family for attackers, namely Locky. Only released last year, Locky ransomware is typically delivered via a phishing e-mail that prompts a targeted victim to enable malicious macros via Microsoft Word. These macros then run a file that delivers an encryption Trojan, preventing the victim from accessing their files.

Following on from the file encryption, the victim receives a message with instructions on how to pay a Bitcoin ransom before they’re able to decrypt their files.

Having gained notoriety in February 2016, data shows that Locky was used in one out of every four ransomware-based attacks last year and has evolved several times since then. Most recently, attackers have been using Facebook instant messaging to spread Locky ransomware.

Prevention is the best defence

When it comes to ransomware, prevention is the most effective defence. How, then, can organisations protect themselves against ransomware?

*Back-up data regularly

Verify the integrity of those back-ups and test the restoration process to ensure it’s working. In addition to this, secure your offline back-ups. If you’re infected, a back-up may be the only way to recover your data. Ensure back-ups are not connected permanently to the computers and networks they’re backing up.

*Block access

Configure firewalls to block access to known malicious IP addresses and logically separate networks. This will help in preventing the spread of malware. If every user and server is on the same network, newer variants can spread.

*Train your employees

Implement an awareness and training programme. End users are targets, so everyone in your organisation must be aware of the threat of ransomware and how it’s delivered.

*Scan all incoming and outgoing e-mails

Scanning ensures threats are detected and executable files are prevented from reaching end users. Furthermore, enable strong spam filters to prevent phishing e-mails from reaching end users and authenticate inbound e-mail using technologies such as Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC) and DomainKeys Identified Mail (DKIM) to prevent spoofing.

*Block ads

Ransomware is often distributed through malicious ads served when visiting certain sites. Blocking ads or preventing users from accessing certain sites can reduce that risk.

*Only assign administrative access when needed

If an end user only needs to read specific files, the user should not have write access to them.

*Leverage next generation antivirus (NGAV) technology

This will actively inspect files and identify malicious behaviour to block malware and malware-less attacks that exploit memory and scripting languages.

*Categorise data based on organisational value

Implement physical and logical separation of networks and data for different organisational units.
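An added example (not from the original article or from Carbon Black) of the inbound e-mail checks in the list above: it accepts SPF/DKIM/DMARC verdicts only from Authentication-Results headers stamped by the receiving gateway, and flags executable or macro-enabled attachments of the kind used to deliver Locky. The gateway name `mx.example.org`, the extension list and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Assumed block list: executables, scripts and macro-enabled Office files.
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".wsf", ".docm", ".xlsm", ".dotm")
VERDICT = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)

def auth_verdicts(msg, trusted_authserv):
    """Read spf/dkim/dmarc results only from headers stamped by our own MTA."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(header).partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # header was not added by our gateway, so it proves nothing
        for method, result in VERDICT.findall(results):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def risky_attachments(msg):
    names = [part.get_filename() or "" for part in msg.walk()]
    return [n for n in names if n.lower().endswith(RISKY_EXT)]

def triage(raw, trusted_authserv="mx.example.org"):
    msg = message_from_string(raw)
    dmarc = auth_verdicts(msg, trusted_authserv).get("dmarc", "missing")
    reasons = [] if dmarc == "pass" else ["dmarc=" + dmarc]
    reasons += ["attachment:" + n for n in risky_attachments(msg)]
    return ("quarantine" if reasons else "deliver"), reasons

def constructed_message(auth_headers, filename):
    """Build a sample message (constructed test data, not a real capture)."""
    m = EmailMessage()
    for value in auth_headers:
        m["Authentication-Results"] = value
    m["From"] = "accounts@billing.example.net"
    m.set_content("See attached.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

SPOOFED = constructed_message(
    ["mx.example.org; spf=fail; dkim=none; dmarc=fail",
     "attacker.invalid; dmarc=pass"], "invoice.docm")
CLEAN = constructed_message(["mx.example.org; spf=pass; dkim=pass; dmarc=pass"], "report.pdf")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(name, triage(raw))
```

The second header in the spoofed sample claims `dmarc=pass` but is ignored because it does not carry the gateway's own identifier; a gateway should also strip such foreign headers on receipt.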

While ransomware continues to generate headlines, it’s still only a piece of the overall malware scope. Even with its rapid growth, ransomware only accounts for 2% of total malware seen in 2016.

With ransomware attacks showing no sign of abating, it’s also essential that organisations looking to defend against ransomware in 2017 are well versed in the prevention methods presented here.

Eric O’Neill is National Security Strategist at Carbon Black

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
