Over a third of UK firms have suffered a ransomware attack by hackers, according to research published by IT security firm ESET. The news comes as criminals launch a fresh wave of such attacks exploiting a vulnerability in Adobe's Flash Player software.
The survey of 200 security professionals attending Infosecurity Europe earlier this month also found that 84 per cent of respondents believed their company's reputation and infrastructure could be seriously damaged if a ransomware infection happened to them.
Nearly a third (31 per cent) admitted they would pay a hacker's demand for cash if their machines were hit by a ransomware infection because the alternative would mean losing all the data on their computer.
A lot of ransomware attacks have taken the form of a notice purporting to be from a law enforcement agency requiring payment of a fine for an offense the victim has not carried out.
A recent wave of ransomware attacks has used a new flaw in Adobe Flash to infect machines with the Cryptowall ransomware. The vulnerability has been added by hackers to the Magnitude exploit kit, according to an independent security researcher who goes by the moniker of “Kafeine”. This makes updating to the latest version of Flash, or banning it, a much higher priority than before.
Mark James, security specialist at ESET, told SCMagazineUK.com that ransomware is a “very real threat in the UK”.
“It is so effective that once the files have been encrypted, users as well as businesses who do not protect themselves by backing up their data or using a good internet security product see no way out except to pay the ransom. This fuels the criminals and causes a vicious circle, in effect funding the development of the product for the criminals themselves,” said James.
Lookout's vice president for EMEA, Gert-Jan Schenk, told SC that the challenge with ransomware is that the bad actors have figured out a very good business model.
“Think about it - people have a high amount of either sensitive business data on their devices or precious information, including pictures, contacts, finances and so on. When given the option to pay a few bitcoins to regain control of their devices, the victim will be quick to acquiesce,” he said.
“This is especially true with BYOD devices, which are being targeted more as they contain more sensitive information which the owner is prepared to protect and pay to recover.”
George Quigley, partner in KPMG's cyber-security practice, said he has noticed an increased threat from ransomware over the last few months.
“More and more companies are being targeted and the level of time and resource spent on dealing with it is increasing,” he told SCMagazineUK.com.
“It's important that people realise that this threat is real and that it exists because of two factors. The first is that the expertise can be bought; you don't need to be an expert to do this. The second is that the economics make it more than viable. Companies should revisit their risk assessments in light of this and make sure that they are still appropriate. Remember that dealing with this will require a mixture of training and awareness and a security-aware culture in addition to technology measures.”
Konrads Smelkovs, a manager in KPMG's cyber-security practice, added that the threat drove home the point that traditional anti-virus solutions aren't infallible.
“The criminals use tools called ‘crypters’ which obfuscate the malware until it is not recognised by the anti-virus products,” he told SC.
“You need different tools to protect; it also drives home the point about backups and data archiving. Some customers have had a very expensive disaster happen to them when they noticed that their backed-up data contained only ransomware-encrypted data.”
James said that there are many ways to restore data but they all involve restoring from a backup, “whether that's a shadow copy and system restore or using a backup program to back up and restore from offsite copies, it's all the same”.
“Often the encryption methods used are the same as most commercial encryption companies will use and in theory will not be easily decrypted.”
James added that organisations needed to use a good point-in-time backup solution that takes regular snapshots and stores them, ideally offsite, for protection.
“You must ensure they are tested at regular intervals and that you are able to retrieve information from the backups themselves. You should also consider how often your backups will take place in relation to how often you use your data,” he added.
“Recovery of said data is extremely important as your downtime is lost revenue in most cases and having your backup solution automated will give you peace of mind that you're protected not only in the unfortunate circumstance of a ransomware infection but also hardware (or human) failure.”