Imagine it is a Monday morning and your manager has asked you to research a new payment processing system. The problem is that as soon as you download what looked like a safe and secure white paper from a reputable website, your computer flashes a message demanding payment or your company will lose its data. This is a form of ransomware.
According to a report by Palo Alto Networks, to be considered ransomware, an attacker must successfully take control of a system or device, prevent the owner from accessing it and alert the owner that the device is held for a specific ransom price. The attacker remains in control until payment is received in full and then will return full access to the device owner. Ransomware comes in a variety of forms, including compromising the ad server of an expired domain, hacking the controls of Internet-connected devices like a retailer’s mobile floor payment system, XSS attacks, SQL Injection, Cross-Site Request Forgery (CSRF), Directory Traversal and more. PhishMe released a report that says 93 percent of all phishing emails contain encryption ransomware. Cisco’s 2016 Midyear Cybersecurity Report stated that 20 billion threats are blocked daily and that there are more than 1.5 million unique malware samples every day, which works out to 17 new pieces of malware every second.
The FBI reported that $209 million was paid out by companies in the first quarter of 2016 due to ransomware. Kaspersky Lab reports that the third quarter of 2016 had eight times as many attacks as the same timeframe in 2015, which amounts to companies spending hundreds of millions of dollars annually due to ransomware. Rick Holland, Mark Tibbs, Simon Tame and Michael Marriott, researchers at Digital Shadows, described in their “Ransomware and Other Cyber Extortion: Preventing and Mitigating Increasingly Targeted Attacks” how Rex Mundi successfully extorted many companies. In one case, the group accessed over half a million customer records from Domino’s Pizza in 2014 and demanded $40,000, threatening to release the personal information online. Some companies, like Code Spaces, were bankrupted after they couldn’t pay several million dollars for their ransomed data.
McAfee Labs’ 2017 Threats Predictions infographic explains that machine learning will only accelerate social engineering attacks. The bigger problem is that even if a company pays the ransom, it is still vulnerable to attacks from its compromised files. Forrester’s “2017 Predictions: Dynamics that Will Shape the Future in the Age of the Consumer” speculates about the vast array of dangerous data exploits that may happen to businesses, healthcare institutions and governments, and succinctly explains that the biggest challenge to your business is that “your customers are more aware of, wary of and frustrated with security and privacy risk and you will increasingly gain or lose affinity based on how much they trust your company.” And make no mistake: you can never be too small or too large to escape the threat of attack via ransomware.
Of course, there are various systems, software and protocols that are part of the comprehensive solution to mitigating ransomware. These include network segmentation, which splits a computer network into subnetworks; endpoint detection and response systems, which focus on suspicious activities of endpoints and hosts; and application whitelisting, which prevents unauthorized programs from running. Meeting the standard of PCI and HIPAA compliance will demonstrate how well your security program meets a minimum specific regulatory standard, but does nothing to protect you from ransomware or protect your business operations. Your last line of defense must be a strong and fast Backup and Disaster Recovery (BDR) tool.
A robust, up-to-date BDR solution is key to ensuring business continuity, as longer downtime means fewer business transactions (revenue loss) and an increased likelihood of customer attrition due to loss of customer confidence. Cisco’s report stated that the current average attack lasts 13 hours, which is down from 50 hours in 2014.
Unfortunately, many companies only have legacy systems that back up once per day, which will not work in a 24/7 work world. The right safeguard is a modern solution that provides immediate recovery, encrypts backups and replicates your most important systems.
According to Quorum’s State of Disaster Recovery Report 2016, 77 percent of respondents have utilized their disaster recovery solutions after a security threat event. Through Disaster Recovery as a Service (DRaaS), your company will go beyond time-draining, simple data recovery and be able to restore business operations almost immediately from the copy of your data and systems in the cloud. One of the ways to do this is through Quorum onQ.
Recently, Quorum released a comprehensive eBook outlining the scope of the ransomware epidemic and the integral role the BDR solution plays in recovering from an attack. Part two of this series will detail the product role and key features needed to incorporate a BDR solution into your 2017 ransomware preparedness plans.