It’s boomtime for ransomware and the cybercriminals making easy profits using this virulent strain of malware. The ransomware epidemic will not come as a surprise to the NHS, who recently had thousands of computers frozen by the WannaCry virus.
What can we learn from the spread of ransomware around the world? And what can organisations do to resist the onslaught of attacks?
A ransomware infection often starts with spam. Hackers use social engineering to nudge users into saving attachments or clicking links that look genuine. Emails may appear to be a request from the CEO, a parking fine notification, or a penalty notice from HMRC. Users are often scared into action, believing that something bad will happen if they don’t act quickly. But not all infected computers are the result of user error. In the case of the NHS and WannaCry, hackers exploited a known vulnerability in Microsoft Windows to gain entry into unpatched systems.
A popular exploit kit used by cybercriminals, called Angler, allows for drive-by downloads, in which malware is downloaded automatically when a user visits an infected site. The download happens in the background, without the user’s knowledge. These kinds of technologies are not just the preserve of expert hackers or international criminal gangs; anyone with criminal intent can access ransomware-as-a-service offerings on the underground Tor network, making cyber-crime as easy as setting up a website.
This demonstrates how unsophisticated some hackers are. These are rarely master criminals; they are often just chancers who recognise an opportunity for making easy money. And because web technologies allow ransomware to be deployed and utilised remotely, with money collected using anonymous crypto-currencies like Bitcoin, there is the lure of consequence-free crime. Why risk jail time for the takings in a petrol station when you can work from home and watch your Bitcoin wallet slowly fill? Of course, some of these perpetrators are caught and tried; there is no such thing as the perfect crime.
The ease of use of these tools might be one reason for their proliferation, and may explain why ransomware is on the rise. Security software company Sophos detected thousands of new pages booby-trapped with Angler every day in May 2015. And in their annual security survey, SonicWall reports that ransomware attacks increased by 167x year-on-year and was “the payload of choice for malicious email campaigns and exploit kits”.
The rapid rise of ransomware does pose new threats for organisations, but many of the treatments are familiar. Organisations must start with fully patched and up-to-date software and systems. Every uninstalled update is a potential backdoor for an opportunist cyber-crook.
Security systems must also be in place to limit the spread of any infections that take place, and to alert administrators to their existence before they do lasting harm. Backups provide protection against encrypted files and frozen machines. Training is the best way to ensure employees understand the evolving risks. And given the high stakes of IT security, this training should be regularly refreshed so all staff understand the vital role they play in digital defence.
