The FBI recently issued an advisory on the rise of ransomware, warning governments, law enforcement agencies, hospitals and businesses alike to beware of this increasingly sophisticated form of cyber attack, in which cyber criminals encrypt an organization’s or an individual’s files and demand for a ransom payment in exchange for a decryption key.
Just this year, we saw two high-profile ransomware attacks on Hollywood Presbyterian Hospital in Los Angeles and MedStar Health in Washington, DC, severely crippling their operations and endangering the lives of the patients as communications within the hospital were completely shut down. Hollywood Presbysterian reportedly paid a sum of US$17,000 in bitcoins to regain access to their system.
The United States healthcare sector is not the only one in jeopardy. According to the Asia-Pacific Defence Outlook 2016, South Korea, Australia, New Zealand, Japan and Singapore, dubbed the “Cyber Five”, are nine times more vulnerable to cyber attacks than the rest of their Asian counterparts. This is attributed to the high dependence of these nations on internet-based interactions. As governments in the region look to further harness the Internet of Things (IoT) as a key economic driver, the number of endpoints will increase exponentially, presenting cyber criminals more attack vectors to exploit.
Despite the rise of ransomware, an alarming majority of businesses are still relying on traditional anti-virus as their only form of safeguard against today’s increasingly advanced threats. This gives cyber criminals an easy entry to exploit and turn into a lucrative business model that is growing stronger than ever.
Ransomware as a Business
Ransomware is by no means a new phenomenon. However, it has evolved through time to adapt to and circumvent new defenses. In just five months this year, we have seen at least seven new variants of ransomware, including PowerWare, which utilizes PowerShell, the scripting language inherent to the Microsoft operating systems. The use of PowerShell avoids writing files to the disk and allows the malware to blend in with legitimate activity on the computer, thus averting detection by anti-virus software.
Another rampant trend is Ransomware-as-a-Service (RaaS) – a business model where cyber criminals pay a fee for the distribution of malware or promise a percentage of the ransom paid by an infected user.
While this may be a hard pill to swallow, ransomware has become a very profitable business model and as more user-friendly variants are developed, even those with little cyber know-how can easily deploy various forms of ransomware to exploit companies and individuals.
The Ransomware Remedy
Prevention is better than cure is equally applicable to an organization’s health. While there are decryption tools available for infected systems, cyber criminals have time and again proved to be able to advance their means of attack, overriding existing remedies.
Next Generation Endpoint Security (NGES) is a modern approach towards cyber security that has been specially developed to wrestle the increasingly sophisticated threat landscape. It adopts a proactive stance by continuously scanning, monitoring and collecting data from an organization’s endpoints. By recording an adversary’s every move, security teams can immediately isolate and stop the spread of an attack.
Anti-virus and other more traditional security tactics are simply not enough, and until businesses ramp up their defenses to meet the level of sophistication now found in cyber attacks, they will always be at risk of being the next victim of the ransomware epidemic.