Enterprises Need to Relook at Ransomware

Date:   Sunday , February 12, 2017

Headquartered in Mumbai, Trend Micro is a leader in IT security. The company develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.

While the country is still reeling under the recent hacks by hacker group calling itself Legion, the group that claimed to have compromised databases belonging to banking institutions, government email servers and the databases of a leading hospital; if recent reports are to be believed there is more in store. India\'s share in ransomware attacks continues to rise and currently stands at 16.9 percent.

Several large companies today are under the purview of ransomware attacks, and the impact is only getting advanced with time. The entire cybercriminal world has been taken over and it seems like there is no end to it. What\'s alarming is the fact that while enterprises in India are spending more on cybersecurity each year, organizations are still not confident of their ability to sense, resist and respond to cyber threats. Our earlier reports stated had that over 180 Indian companies were victims of Ransomware online extortion schemes in the first six months of the year 2016, causing a loss of whopping $3 billion.

To understand this in its entirety, we need to comprehend the modus operandi behind what really motivates cybercriminals, which is largely to instill \'Fear\', at a very primordial level to achieve their larger objective of creating disruption. They extort money from companies with the help of ransomware using fear as an effective tactic. The fear to part with vital information or customer files along with the dreading fear of public exposure makes companies abide by the demands of the attackers. With the number of internet of things (IoT)-enabled devices increasing, ransomware is all set to enter another revolution. Cybercriminals have already started attacking smartphones and the day is not far when wearable devices will also be on their list. In fact, Smart TVs are already under their radar.

As per a recent survey carried out by a leading consulting firm, outdated information security architecture and controls has most increased risk exposure for India over the last 12 months. What is interesting to take cognizance of, is that vulnerabilities related to mobile computing, social media and cloud computing feature prominently as contributing to enhanced risk exposure for corporate India. Among threats, the majority believe that cyber-attacks are primarily targeted at defacing/disrupting organizations or towards stealing intellectual property or data 51 percent, followed by fraud 48 percent.

Enterprises need to be coherent to the fact that attacks are getting more hybrid and many a times difficult to detect. Let\'s understand what needs to be done to navigate through these choppy waters.

The right information is key to block ransomware attacks. Your business can fight any attack if you understand the vital facts, trends, and lesser known facts about ransomware. Some of these revelations are startling enough to warrant the CIO, CSIO, CTO of these organizations to take a closer look at their cyber security framework and ascertain if the necessary checks and balances are in place.

  • The number of ransomware families found between January and May 2016 is 50 - Blackshades, Apocalypse, Jigsaw, CryptXXX are just some of the popular names you would have heard of in 2016. In a typical situation, when a company is attacked by a particular ransomware, others begin analyzing security measures for the same ransomware to stay protected. Cybercriminals of course are aware of this strategy and therefore, keep releasing new mechanisms with every next attack.

  • Most common source of ransomware is SPAM - 76 percent - According to a research conducted by our company, ransomware attacks originate from spam or spammed links sent to end users. Therefore, the first step to be taken by companies is - install stronger spam filters. Only 16 percent of the ransomware attacks come from other sources like hacking, compromised software or malicious apps downloaded from the app store. The remaining 8 percent are said to enter from malware or hampered websites.

  • Ransomware-as-a-service (RaaS) is also a concept - Yes, there are some Darknet services providers who offer Ransomware-as-a-Service (RaaS). They let cybercriminals use their platform, set up a ransom price and bitcoin address. RaaS providers in turn charge 10 percent for every victim who pays ransom.

  • Money lost to ransomware in Q1 2016 - $209million.As per reports of the FBI, $209 million was paid as ransom in just the first three months of 2016. The number obviously kept increasing through the rest of the year, indicating how companies are largely affected by ransomware.

  • India faces 7 ransomware attacks per hour - India ranks third in Asia Pacific when it comes to ransomware attacks. There were around 60,000 in a year, which estimates to 7 every hour. And majority of these were done by crypto-ransomware.

  • 2016 was indeed a watershed year for enterprises in India, with nearly 46 per cent of organizations in India suffering unplanned system downtime, data loss due to external or internal security breaches. It\'s no denying the fact that Ransomware is here to stay, and there is no sure shot one-fix-all solution that would stem this growing malice.

    What\'s needed is a proactive and systematic approach towards having organizations ready and vigilant of impending threats that loom large over most of the enterprises, whether big or small, and having a robust cyber security framework/mechanism in place that would serve as a watchdog over the organization. For instance, our \'Worry Free Services\' aims to proactively stop any ransomware variants. Companies need to deploy end point solutions that come with behavior monitoring along with application control features.