Threat Intelligence Blog

Cybercrooks love ransomware because it’s a quick and easy way to make money. The victims, whose systems and critical files are now encrypted by malware, are often left with no choice but to pay the ransom to retrieve their data – which isn’t always guaranteed. For this reason, it’s no surprise that Gartner analysts estimate that there were 2-3 million successful ransomware attacks in 2016 and that the frequency will double year over year through 2019.

Organizations are typically infected with ransomware after an employee is tricked into opening an infected email attachment (i.e., that email from a Nigerian prince) or clicking on already infected content on a webpage, such as an ad saying you’ve won a free iPod. Once the user triggers the malicious code, a sequence of events unfolds that locks down the victim’s system through encryption and displays a message listing demands that must be met in order to regain access. Almost all of the ransoms demand payment through cryptocurrency such as Bitcoin, because it produces a quicker payout than stealing credit card data and there is a lower risk of being caught due to the anonymity of most cryptocurrency.

The impact of ransomware is instantaneous, resulting in companies often suffering a tremendous amount of monetary damage, as well as systems and business downtime. The threat of ransomware continues to increase as actors pursue new tactics and develop new variants of their malicious code. To stop the threat of ransomware, companies must have a complete security approach and understand the latest tools, tactics, and procedures used by these actors.

Numbers Game: Ransomware-as-a-Service

The rise of ransomware may be attributed to the high degree of automation used in the attacks.  Compared to ransomware, traditional malware such as Trojans and keyloggers often require a higher level of effort from the initial stage of infection until funds are sent to their bank account.

In today’s landscape, amateur cyber criminals can purchase relatively cheap, user-friendly ransomware kits on the Dark Web known as Ransomware-as-a-Service (RaaS), which opens the door for unskilled actors to conduct their ransomware operations. Unlike other types of popular cyberattacks, actors do not need to be very skilled or have expensive equipment to launch these attacks. Often, the authors receive a small percentage of the ransom. Actors create new ransomware variants every day, so organizations looking to mitigate ransomware attacks must keep their security teams and their solutions up to date and be aware of the evolving landscape.

Mac OS Malware on the Rise

 Another reason ransomware continues to be successful lends to the misconception that Apple’s Mac OS is invulnerable to malware. That is far from the truth, and the notion can be devastating to organizations as more companies introduce multiple flavors of operating systems into their network. The first quarter of 2017 saw an increased number of malware written for Mac OS, including Mac-focused ransomware. Systems with Mac OS have been hit by more ransomware this year than in all of 2016. As a best practice, organizations must account for Mac OS in their overall security program. More importantly, organizations must educate users that malware variants are becoming a major problem and Mac users can no longer rest on the belief that they are protected from such attacks.

Stopping the Specter of Ransomware

To protect against ransomware, your organization should be implementing a holistic approach that is a mix of security solutions and security awareness training for employees at all levels. It can be argued that the size of an organization’s poorly maintained network is relatively proportional to their attack surface, and security solutions require a layered defense to accommodate all layers of the network. As a preliminary line of defense, you should at least have an enterprise anti-virus solution to help stop known variants of ransomware. In addition, you should have a robust email security platform to identify and thwart suspicious content before emails reach the end user. Most ransomware enters an organization through email in the form of spear phishing, which relies on social engineering.

Ransomware and other malware are sometimes delivered through known vulnerabilities in operating systems and unpatched browsers and plugins. For this reason, businesses should incorporate patch management to address known vulnerabilities of all systems and applications used in the network. A structured business continuity plan coupled with regular data backups will help you move forward smoothly in the event of a ransomware attack.

With that said, organizations cannot solely rely on security solutions to thwart ransomware attacks. Unfortunately, many businesses overlook the importance of user security training. As attacks become more sophisticated, users must be trained to identify phishing and social engineering and understand the consequences of clicking a questionable link or attachment or unknowingly downloading malware. A preventive strategy will go a long way.

Build the Cyber Wall

As with any cyber threat, ransomware continues to teach us that no one is immune to an attack – not even Mac users. A strong defense should include threat intelligence, so you can be educated on actors’ tools, tactics, motives, and procedures. Threat intelligence can help keep you ahead of the bad guys, knowing about incoming ransomware trends, and staying informed about the latest ransomware developments and the modus operandi of threat actors. Ultimately, this allows your organization’s security teams and IT staff to be proactive in setting up and configuring solutions that will recognize and mitigate ransomware.

However, all the best security solutions in the world will not protect your company if your employees aren’t aware and educated on proper security methods. Employees are your first and last line of defense, and organizations should incorporate security into their culture and educate users of all levels. A workforce of security-conscious employees is just as important as the latest security solutions that an organization can purchase.

Additional Posts

Weekly Phishing Activity: October 30, 2017

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...

Weekly Phishing Activity: October 23, 2017

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...