Ransomware began its reign of cyber terror in 1989 and remains a serious and dangerous threat today. In layman’s terms, ransomware is malware that employs encryption to lock users out of their devices or block access to critical data or files. A sum of money, or ransom, is then demanded in return for access to the information. Some effects of ransomware include downtime, data loss, possible intellectual property theft, major financial consequences and more.
The Rise of Ransomware
Ransomware and their variants are rapidly evolving. McAfee Labs found that ransomware grew by 118% in the first quarter of 2019, and discovered new ransomware families using innovative techniques to target and infect enterprises. Based on volume, the top three ransomware families that were most active in Q1 were Dharma, GandCrab and Ryuk.
Many variations of ransomware exist. Often we’ve seen ransomware and other malware being distributed using email spam campaigns or through targeted attacks. But in Q1, our researchers found an increasing number of attacks are gaining access to companies that have open and exposed remote access points, such as RDP and virtual network computing (VNC). RDP credentials can be brute-forced, obtained from password leaks, or simply bought in underground markets. To note, the ransomware Dharma used the RDP attack method, while GandCrab and Ryuk used mostly spear-phishing as a distribution mechanism.
The Impact of Ransomware
Earlier this year, cybercriminals targeted the city of Riviera Beach, Fla., a waterfront suburb north of Palm Beach. After major disruptions in municipal services resulting from the ransomware, city leaders complied with the hacker gang’s demand of 65 bitcoin (roughly $600,000) in exchange for the decryption key. Although not suggested, we’ve seen a number of victims give in to the extortion demands of attackers, often paying the ransom demand of hundreds or thousands of dollars in order to restore their systems. In the end, you may reduce downtime by paying the ransom, but it’s never a guarantee that you will receive a decryption key, plus you will be funding criminal activity.
The impact of ransomware is more than merely a nuisance. Companies tend to experience temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization’s reputation.
How to Defend Against Ransomware
We must not forget that with every cyberattack, there is always a human cost, whether it’s a business dealing with an outage or a consumer dealing with a major fraud. It’s important to develop a proactive disaster recovery plan to increase your chances of withstanding ransomware. To help steer clear of ransomware, below are a few tips to follow:
- Defend – Sufficiently robust security solutions can protect you from known threats as well as those that have not yet been formally detected. Always downloading the newest version of your operating system or apps helps you stay ahead of threats
- Back up your data – Frequently back up essential data, ideally storing it both locally and on the cloud.
- Stay informed – Resources such as nomoreransom.org—an initiative created by the National High Tech Crime Unit of Netherlands, Europol’s European Cybercrime Centre, and McAfee—aim to provide prevention education and help ransomware victims retrieve their encrypted data without having to pay criminals.
About the Author
Categories: McAfee Enterprise