Ransomware: the growing attack mode of choice

Ransomware has become the security attack mode of choice for many cyber criminals today. And it’s no wonder, considering how easy and inexpensive it is to launch these types of attacks.

In fact, just about anyone, even someone with little or no technology experience, can become a successful cyber criminal. That’s according to a December 2016 article in CSO by Taylor Armerding, “Ransomware as a Service fuels explosive growth.”

The article notes the rise of “ransomware as a service” (RaaS), a business model in which malware writers enlist “distributors” to spread the malicious code, then take a cut of the profits from ransomware attacks.

Even though such incidents are on the rise, they do not always garner the attention that more impactful attacks such as distributed denial of service (DDoS) receive. As I shared with CSO, a DDoS attack tends to get more publicity because “it affects all users of a product or service, so the news of its impact spreads at the speed of typical Internet news.”

By contrast, the public rarely learns of ransomware attacks until the affected company, its customers or the attackers themselves share that information. Because of this, it’s hard to estimate an accurate number of ransomware attacks; many organizations choose not to report them.

When ransomware attacks occur, businesses cannot take these incidents lightly. Ransomware can cause system outages and other problems if companies do not take action to defend against it, and the average ransom demand has been on the rise.

Some experts say organizations should avoid paying ransoms to attackers so as not to encourage future attacks with larger demands. The security side of me says victims should never pay. But the business side of me knows that if a company can’t go on without paying the ransom, it will pay.

Fortunately, there are steps companies can take to avoid dealing with these attacks in the first place. They can begin by limiting access to their most critical data and then rigorously monitor the corporate network for anomalies.

It starts with creating copies of your files in a safe location once you detect a threatening anomaly. Companies should also test the restoration of their backups long before they ever find themselves in the position of having to rely on those backups. Some other important practices include these:

  • Install software patches and updates as soon as they’re available.
  • Educate yourself and your team to spot phishing emails.
  • Regularly back up data, and store and protect it offline.

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.