Ransomware is increasing in stealth and sophistication and shows no sign of slowing down. In fact, increasingly, no industry is safe from harm. We've already seen healthcare emerge as a prime target for hackers, with users around the world agreeing to pay ransoms rather than lose their data. And, with the potential for ransomware risks to move into the kinetic realm, impacting critical infrastructure, it would be imprudent for us to ignore the risks these unrelenting attacks could pose if attackers hold to ransom things like clean water, electricity and transportation. As financial motivations rise and our security defences fail to keep up, savvy criminals monetising the loss of what we hold most dear is becoming more and more likely.
There are four critical concerns regarding this ransomware frenzy, and organisations need to wake up to them to avoid getting caught out.
Ransomware isn't stagnant; it's constantly evolving
Firstly, whether your organisation is the victim of a crypto-type ransomware exploit that encrypts files, or one that blocks access to an entire system, the standard security solutions in place today may no longer be sufficient. New variants of ransomware are constantly being developed as cyber-criminals employ an ever-changing array of techniques to bypass security systems. In fact, the adversaries who develop ransomware have become so sophisticated that many of them are offering ransomware-as-a-service, giving their less knowledgeable counterparts access to the latest exploit kits and in turn widening the pool of potential victims.
If ransomware evolves, so must prevention tactics
Secondly, the explosion of mobile devices and the Internet of Things has greatly increased the number of entry points for ransomware attacks. Conventional endpoint protection that relies on signature-based detection is no longer up to the task of finding ransomware before it strikes. In the case of fileless ransomware, the malicious code is either in a native scripting language or is written straight into memory by legitimate tools such as PowerShell, without ever being written to disk, which makes it difficult to analyse using signature-based methods or sandboxing.
By introducing solutions that use machine learning capabilities to look at behavioural-based Indicators of Attack (IoAs), businesses can block attacks before they execute on the system. Once ransomware enters undetected, data is immediately encrypted and inaccessible, or systems are locked down. As critical infrastructure becomes a target, prevention is increasingly the only recourse.
Losing compliance status
An additional concern is regulatory legislation. Most organisations retain sensitive data and are legally required to protect it. When a breach happens and data is exposed, the victim organisation is obliged to inform its customers and partners. With the GDPR in mind, organisations could incur substantial fines if the protection of that data is compromised. So, even if data isn't stolen, telling constituents there has been a breach can have serious implications for an organisation's brand, including loss of customer confidence.
Data recovery is no walk in the park
What's more, the cost and complexity of recovering files after a ransomware attack is increasing the likelihood that companies, particularly smaller organisations, pay the ransom.
Even with a comprehensive backup system, more and more attacks target backup servers and infrastructure. Though the attack may begin on one laptop, the ransomware could have access to other systems connected to that device, resulting in a costly drain on IT resources as they struggle to pinpoint and contain the damage. Even worse, if organisations are the victim of a new ransomware variant that's able to delete their backup files, recovery won't be an option.
Since ransomware kits are now readily available on the Dark Web, there have even been cases where some less savvy hackers were unable to decrypt files, even after the ransom was paid. When even payment of the ransom doesn't guarantee data recovery, businesses simply must revise their approach.
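The two behaviours described above (a process modifying files far faster than a user ever would, and an untrusted process deleting backup files) are exactly the kind of behavioural Indicators of Attack that a signature cannot capture. The following detector is an added example, not the author's or CrowdStrike's code: it runs a simple per-process sliding-window rule over a constructed endpoint telemetry stream. The event format, the `D:\Backups` path, the process names and the thresholds are all assumptions chosen for illustration.

```python
"""Toy behavioural IoA detector over constructed endpoint file-activity telemetry.

Two rules, both defensive:
  1. mass_file_modification: one process writes/renames >= burst_threshold files
     inside a `window`-second sliding window (typical of bulk encryption).
  2. backup_deletion: a process that is not an approved backup agent deletes a
     file under a protected backup location.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float        # seconds, monotonic within the capture (constructed)
    pid: int
    process: str     # image name as the sensor reported it
    action: str      # "write", "rename" or "delete"
    path: str        # for a rename, the destination path


# Constructed sample telemetry; not real logs from any product or incident.
SAMPLE_EVENTS = [
    Event(0.0, 4120, "winword.exe", "write", r"C:\Users\ann\Documents\report.docx"),
    Event(1.5, 4120, "winword.exe", "write", r"C:\Users\ann\Documents\~$report.docx"),
    # A script host renaming 60 user documents within three seconds.
    *[Event(10.0 + i * 0.05, 5080, "powershell.exe", "rename",
            rf"C:\Users\ann\Documents\file{i}.docx.locked") for i in range(60)],
    # The same process then removes backup sets (hypothetical path).
    Event(14.0, 5080, "powershell.exe", "delete", r"D:\Backups\nightly\2019-01-10.bak"),
    Event(14.1, 5080, "powershell.exe", "delete", r"D:\Backups\nightly\2019-01-11.bak"),
    # Routine retention clean-up by the approved backup agent: must not alert.
    Event(30.0, 6000, "backup-agent.exe", "delete", r"D:\Backups\nightly\2018-12-01.bak"),
]


def detect(events, window=5.0, burst_threshold=50,
           backup_prefixes=(r"D:\Backups",),
           trusted_backup_processes=("backup-agent.exe",)):
    """Return a list of alert dicts, in the order the behaviour was observed."""
    alerts = []
    recent = defaultdict(deque)   # pid -> timestamps of recent writes/renames
    burst_flagged = set()         # alert once per process for the burst rule

    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action in ("write", "rename"):
            q = recent[ev.pid]
            q.append(ev.ts)
            # Drop timestamps that have fallen out of the sliding window.
            while q and ev.ts - q[0] > window:
                q.popleft()
            if len(q) >= burst_threshold and ev.pid not in burst_flagged:
                burst_flagged.add(ev.pid)
                alerts.append({"kind": "mass_file_modification", "pid": ev.pid,
                               "process": ev.process, "count": len(q), "at": ev.ts})
        elif ev.action == "delete":
            in_backup = any(ev.path.startswith(p) for p in backup_prefixes)
            if in_backup and ev.process not in trusted_backup_processes:
                alerts.append({"kind": "backup_deletion", "pid": ev.pid,
                               "process": ev.process, "path": ev.path, "at": ev.ts})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The burst rule keys on the process's behaviour rather than on what the binary looks like, so it fires just the same for a legitimate script host such as PowerShell as for a dropped executable, which is the point the text makes about fileless variants. The thresholds are deliberately crude; a production sensor would also weigh the breadth of directories touched and the change in file entropy, and would feed a response action (suspend the process, isolate the host) rather than only printing.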
Advanced techniques = advanced protection
While there is no silver bullet to prevent ransomware, there are steps organisations can take to secure information and infrastructure. Defences such as blocking known threats, patching vulnerabilities and detecting and preventing signs of intrusions are all critical first steps.
Lacking advanced prevention means businesses cannot quickly identify malicious activity, isolate it and prevent it from executing. Only the combination of sophisticated prevention technology and tactics, including machine learning and behavioural-based prevention, will be able to truly support enterprises in preventing damaging intrusions going forward.
Contributed by Mike East, VP EMEA, CrowdStrike
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.