Christine Barry, Chief Blogger and Social Content Manager, Barracuda Networks
When big names like the NHS (UK), FedEx (US), Telefónica (Spain) and Deutsche Bahn (Germany) all fell victim to the WannaCry ransomware virus in May 2017, the public were finally alerted to what many IT security professionals have known for too long: no organisation, sector or individual is 100% safe from infiltration by malware, particularly ransomware.
The beauty of ransomware, for criminals, is that they do not need to target these large organisations on purpose: they simply release their creations into the wild and wait for them to find their way into whichever system they can. Once they do, the virus will initiate the encryption of data either by unpacking its own encryption files or by contacting the command-and-control (C&C) server. Though many organisations can recover their systems using backup data and an effective isolation and recovery procedure, payment of ransoms is an inevitability. In some cases, companies that are ill-prepared for such an attack find it is cheaper and quicker to pay the ransom than to attempt a recovery.
Yes, ransomware is a very effective and profitable way for cyber criminals to attack, and there is no reason to suggest that there will be any let-up in events like WannaCry for the rest of 2017. Here are some worrying statistics from 2016 to illustrate exactly why:
- In the first six months of 2016, one group (or individual) made $94 million in profit from ransomware.
- 2016 saw a huge increase in the number of ransomware events, representing a 500% increase over eight months.
- With around 50 variants of ransomware being identified each month, and each variant expected to infect on average 30,000-35,000 devices each month, the rate of infection is exponential and represents a huge amount of potential profit.
- Conservative estimates for the predicted profits from ransomware for 2017 stand at over $1 billion.
With the potential benefits being so lucrative and these attacks being relatively easy to instigate (coupled with the low risk of getting caught), there is no suggestion that rates of development, distribution and infection will reduce any time soon.
Worrying developments like ransomware-as-a-service (RaaS) now make it even easier for new people to get involved with criminal activities associated with malware distribution. Cerber is one example of RaaS at work and netted over $195,000 in ransom payments in July 2016 alone.
The extent of the publicity surrounding WannaCry might act as a wake-up call to many individuals and organisations, who should know that no one is too big (or too small) to be attacked by ransomware in this way. Cyber-attacks of this nature are not discerning and simply find their way into unprotected systems, wherever they may be. It could be via an email link, attachment, social media campaign, contaminated USB drive or a compromised website. If your network is unlucky enough to fall foul of one of these easily triggered mechanisms, then you can expect to face a costly recovery process to restore your systems' usability.
No defence against attacks is 100% infallible, but you can start by ensuring that your systems are protected by up-to-date security systems and data protection strategies, and that staff are trained regularly on the risks their behaviour poses to the network. Most importantly, keeping your data backed up is essential to a swift recovery from such an attack, so that you can avoid paying costly ransoms for the return of your data.