Every so often, a new threat surfaces and becomes cyber attackers' "go-to" method. Just a short while ago, advanced persistent threats (APTs) topped every headline - and organizations raced to stop attackers who would hide and move laterally across the network once they'd gained access. Now that threat is ransomware.
Next to phishing, ransomware is the most successful and profitable attack for cybercriminals. It's estimated that last year alone, ransomware scams cost victims nearly $1 billion worldwide. And it's no wonder it's become so successful - it is based on the old fashioned criminal model used by gangs and the mafia for many years, newly available in a digital format. Digital transformation is alive and well for businesses and criminals alike.
"...it's no wonder ransomware has become so successful - it is based on the old fashioned criminal model used by gangs and the mafia for many years, newly available in a digital format. Digital transformation is alive and well for businesses and criminals alike."
The ransomware attacks seen recently are an even bigger threat: instead of collecting your money and then leaving your organization alone, some new variants will destroy your data, as opposed to only encrypting it with no means of recovery. Which leaves us wondering what the next evolution could bring. Could it be a new tactic where the victim is forced into making ongoing payments to keep their data available known as "protectionware?"
The impact of these attacks is far reaching. On top of losing a company's hard earned money, there are also downstream effects. A few examples include:
- A police department in Texas got hit with ransomware and lost eight years of evidence, potentially causing criminals to be set free.
- The San Francisco Municipal Transit Authority had to shut down their commerce system for two days costing them $50K in lost revenue.
- The Washington DC police lost 70 percent of their surveillance cameras leading up to the Presidential inauguration leaving a gap in security.
Given the significance of the ransomware threat, we wanted to dig in a little deeper. We conducted a short survey during April 2017 that focused on ransomware, including the biggest concerns and how far reaching the threat might be especially in the mid-market. The survey garnered more than 1,000 responses from a broad set of organizations - ranging from 1-10,000 employees in size, with the largest percentage (18.1 percent) of responses coming from organizations with 101-250 employees - based across the Americas and EMEA.
The results were eye opening. An overwhelming majority of people surveyed, 92 percent, are concerned about ransomware hitting their organization. It seems like these fears are well founded - nearly half, or 47 percent of respondents had been a victim of ransomware themselves. Of those ransomware victims, 59 percent were not able to identify the source of attack. However, of those 41 percent who could identify the source, 76 percent reported that the ransomware attack came through email. These findings underscore the importance of layered security for email - at the gateway, for internal messaging, and certainly for one of the most often overlooked areas, education for employees, who can be the weakest link when it comes to protection against threats such as ransomware.
The results were particularly fascinating for those using SaaS applications, as they relate to built-in security functionality on those applications. For example, 70 percent of respondents do not feel that Microsoft Office 365 meets their needs to protect against ransomware, emphasizing the value of third-party security solutions. In fact, nearly 60 percent of the respondents are using 3rd party security solutions, like Barracuda Essentials for Office 365, to augment native security features.
So how can you protect your organizations from these risks? Use these tips to ensure you don't become part of the 47 percent of respondents from this survey who were victims of ransomware:
- Don't assume you are too small to be a target: A common misconception is that small and midsized businesses think they are unattractive attack targets and by default, safe. In reality, these organizations are often more prone to attacks as they're assumed to have fewer staff, technology, and resources to combat targeted attacks.
- Secure everything: Digital transformation can open the door for broader attack surfaces and more sophisticated and targeted attacks. Modern advanced attacks typically exploit several vectors - as our research suggests, malicious emails remain a key focus area for attackers using ransomware. The best defense is a great offense - and organizations must take a "secure everything" approach to protect themselves from modern attacks. In order to do this and to protect against smarter breeds of malware, like ransomware, organizations need Advanced Threat Protection (ATP) across all threat vectors. Barracuda deploys Advanced Threat Protection as a micro-service, which means that each ATP enabled solution can employ the intelligence gathered by the others. This makes processing faster and more scalable. A network firewall alone is not enough, just as an email security gateway alone is not enough. As organizations look to benefit from virtualized and cloud networks, it's critical to ensure the same security and access controls are in place there as with your on-premises infrastructure.
- Enforce, monitor, educate: User behavior can be your weakest link, and it is inevitable that someone will eventually click. However, education is a critical piece of a solid data protection strategy as attackers increasingly look to exploit "human networks" in targeted phishing and spear phishing campaigns.
- Recover from attacks with minimal disruption: When all else has failed, you need a plan to recover your data quickly. Typically for ransomware, the best approach is to devise and implement a comprehensive backup recovery plan that will allow you to recover all your encrypted files with minimal effort.
It's important to note that even if you've already been hit, you're not immune from future attacks. In fact, some attackers might view your organization as an easy target and begin making plans for an attack with even greater consequences. This means it's never too late to re-evaluate your security strategy to protect your organization.