2017 ransomware attacks mark a turning point in the history of cybercrime. While not the first year of such attacks, the stunning scope of the many cyber attacks this year embodies the turbulent ransomware future that looms. It is important to note that ransomware attacks are not committed by individuals but are instead perpetrated by organized groups of extortionists. This is the core reason that we will continue to see more attacks asking for payment before business operations can continue.
Attacks have spread quickly across international borders and throughout myriad organizations from sources that, even months later, are not fully understood. Whether the 2017 attacks were truly new threats or updated versions of previous ones, they illustrate the attackers’ abilities to hone their tools and strategize their assaults. Cyber attacks — which began as exercises in disruption before evolving into extortion through ransomware — have long resulted in lost revenue and blows to public trust, but the crucial feature that distinguishes ransomware is the depth of its damage and its potential.
Large-scale ransomware attacks have become reliably lucrative. For this reason, they’re not only growing in scale and cost, but they’re also unearthing problems that victims, far from knowing how to combat, didn’t even know they had.
The Growing Shadow of Ransomware
Profitable businesses require operational efficiencies, and the same process is being applied by the extortionists of ransomware. One group finds the security hole, another builds the ransomware that exploits that flaw, while a third runs the service that deploys the ransomware. The specialization continues on the back end: Bitcoin allows for a near-anonymous transfer of money, and there are help desk services that teach victims how to use bitcoin to make payments.
This ease means people who find it acceptable to extort money from even the most vulnerable, such as hospital systems, don’t need much technical skill to carry out their schemes. They can just buy solutions and hire services, making ransomware one of the simplest and most high-profile forms of cybercrime.
With few obstacles and high margins, it should not be a surprise that the scale, speed, and severity of ransomware attacks is projected to trend upward for years to come.
The Foundation of Defense
The average ransom demand rose to $1,077 in 2016, and that figure is likely to rise again in 2017. Rather than try to fix the problem, users should focus on preventing it; prevention is the only method of protection.
- Keeping systems updated by installing the latest patches is a great start. Even seemingly insignificant oversights can leave a vast network at risk. And because ransomware exploits these oversights, organizations must get serious about plugging every conceivable entry point. If managing the influx of patches is too daunting, you can transfer applications to the cloud instead. Most products today come with a cloud option, and by leveraging vendor and cloud provider resources, you can keep your applications updated.
- Employees are the next best line of defense. Ransomware frequently relies on contaminated emails, fake websites, and malicious links to trick users into downloading malware. This phishing strategy has proven to be highly effective. A vigorous campaign of training, testing, and ongoing education encourages users to follow best practices and teaches them how to avoid common and devastating pitfalls.
- Automation and backups protect you from what employees will miss. No matter how much employee training you conduct, the sophistication of attacks combined with everyday mistakes makes your organization vulnerable to attacks. Leveraging cloud services for secure email gateways and secure web gateways reduces the risk of malicious emails and sites. And in the event hackers find another way in, backup systems and archived data keep your organization operational without your having to pay the ransom.
We haven’t yet seen the worst of ransomware, making prevention a mission-critical bulwark against attacks. As the attacks become more frequent and more ruthless, don’t put yourself or your organization into the position where you have to decide whether to pay, disrupt business, or worse.