Decoding the ran$omware epidemic

Kane Lightowler, Managing Director, Asia Pacific & Japan, Carbon Black | June 24, 2016
Antivirus and other more traditional security tactics are simply not enough, and until businesses ramp up their defenses to meet the level of sophistication now found in cyberattacks, they will always be at risk of being the next victim of the ransomware epidemic.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

The FBI recently issued an advisory on the rise of ransomware, warning governments, law enforcement agencies, hospitals and businesses alike to beware of this increasingly sophisticated form of cyberattack, in which cyber criminals encrypt an organisation's or an individual's files and demand a ransom payment in exchange for a decryption key.

Just this year, we saw two high-profile ransomware attacks on Hollywood Presbyterian Hospital in Los Angeles and MedStar Health in Washington, D.C., severely crippling their operations and endangering the lives of the patients as communications within the hospital were completely shut down. Hollywood Presbyterian reportedly paid a sum of US$17,000 in bitcoins to regain access to their system.

The United States healthcare sector is not the only one in jeopardy. According to the Asia-Pacific Defence Outlook 2016, South Korea, Australia, New Zealand, Japan and Singapore, dubbed the "Cyber Five", are nine times more vulnerable to cyberattacks than the rest of their Asian counterparts. This is attributed to the high dependence of these nations on internet-based interactions. As governments in the region look to further harness the Internet of Things (IoT) as a key economic driver, the number of endpoints will increase exponentially, presenting cybercriminals with more attack vectors to exploit.

Despite the rise of ransomware, an alarming majority of businesses are still relying on traditional antivirus as their only form of safeguard against today's increasingly advanced threats. This gives cybercriminals an easy point of entry to exploit, and they have turned it into a lucrative business model that is growing stronger than ever.

Ransomware as a Business

Ransomware is by no means a new phenomenon. However, it has evolved over time to adapt to and circumvent new defenses. In just five months this year, we have seen at least seven new variants of ransomware, including PowerWare, which utilises PowerShell, the scripting language built into Microsoft operating systems. The use of PowerShell avoids writing files to the disk and allows the malware to blend in with legitimate activity on the computer, thus evading detection by antivirus software.

Another rampant trend is Ransomware-as-a-Service (RaaS) - a business model where cybercriminals pay a fee for the distribution of malware or promise a percentage of the ransom paid by an infected user.

While this may be a hard pill to swallow, ransomware has become a very profitable business model, and as more user-friendly variants are developed, even those with little cyber know-how can easily deploy various forms of ransomware to exploit companies and individuals.

The Ransomware Remedy

The adage "prevention is better than cure" is equally applicable to an organisation's health. While there are decryption tools available for infected systems, cybercriminals have time and again proved able to advance their means of attack, overriding existing remedies.

 
