Hackers still exploiting the human factor to carry out ransomware attacks
Nearly 70 percent of successful ransomware attacks in 2017 were the result of hackers gaining access to enterprise networks by phishing via email or social media network.
Nearly 70 percent of successful ransomware attacks in 2017 were the result of hackers gaining access to enterprise networks by phishing via email or social media network. Around half of such attacks also took place due to the carelessness of employees and in some cases, employees paid ransom to hackers without the sanction of IT security departments.
New research by security firm SentinelOne has revealed several underlying causes behind a spurt in ransomware attacks on enterprises based in the UK. While known factors such as failure of anti-virus software to detect new malware, poor response to ransomware attacks, and lack of ability to decrypt encrypted files have continued to plague enterprises, the human factor continues to be the single largest factor behind the continuance of ransomware attacks on the UK's industries.
A survey of decision makers from IT and risk, fraud and compliance departments at various enterprises in the UK revealed that of those organisations who suffered ransomware attacks in the last 12 months, 69 percent were a result of hackers gaining access to enterprise networks by phishing via email or social media network.
While 44 percent of the decision makers said that ransomware attacks on their organisations took place due to employees clicking on compromised websites, 51 percent said that such attacks took place due to employee carelessness.
According to Migo Kedem, director of product management at SentinelOne, even though CISO's are feeling more confident about their ability to combat ransomware in the future, employees are still considered the main culprits behind ransomware infections.
"Whilst more people now know what a ransomware attack is – not everyone knows how to spot a phishing email from which an attack can originate. Cyber attackers rely on the human factor and take advantage of the growing noise of threats and the decreasing attention to detail.
"Users are manipulated to download and execute malicious code on your endpoints. We're also seeing a growing number of file-less attempts, memory-only malware, document and browser-based exploits, and script-based attacks that can be initiated by insiders. Most of the existing legacy and next-generation AV leave you defenceless against these attacks," he added.
According to SentinelOne, organisations in the UK who suffered ransomware attacks in the past 12 months suffered losses of £591,238 on average. As such, 72 percent of those surveyed said that organisations are quickly turning to cyber-insurance so as to avoid higher fines under the upcoming GDPR. At the same time, some organisations also paid ransom to the tune of £34,845 on average in the past 12 months to recover their files following ransomware attacks.
However, the latter tactic did not really pay off for many organisations. While 58 percent of IT decision makers said that even though their organisation paid the ransom, the extortionist tried to extort a second ransom after receiving the first payment and 42 percent of them said that hackers did not decrypt files even after receiving the payments.
Raj Rajamani, VP of products at SentinelOne, said that instead of paying ransom to hackers or blaming legacy antivirus solutions, a large number of organisations are now employing new solutions to avoid being regularly targeted by ransomware attacks.
"The organisations with the most confidence in stopping ransomware attacks have taken a proactive approach and replaced legacy AV systems with next-gen endpoint protection. By autonomously monitoring for attack behaviors in real-time, organisations can detect and automatically stop attacks before they take hold," he said.