- Aug 6, 2015
- 306
UK organisations are still not taking ransomware seriously enough and continue to fall prey to this method of low-cost, low-risk cyber extortion, according to security experts.
Cyber criminals simply have to infect computer systems with malware designed to lock up critical data by encrypting it and demand ransom in return for the encryption keys.
The occurrence of ransomware attacks nearly doubled, up by 172%, in the first half of 2016 compared with the whole of 2015, according to a recent report by security firm Trend Micro.
Ransomware, the report said, is now a prevalent and pervasive threat, with variants designed to attack all levels of the network.
Ransomware is typically distributed through phishing emails designed to trick recipients into downloading the malware, or through app downloads and compromised websites.
The business model is proving extremely successful for cyber criminals, as many organisations are not prepared for it, and paying the ransom is often the best or only option open to them.
Two separate studies have revealed that universities and NHS trusts in England have been hit hard by ransomware in the past year.
A freedom of information request by security firm SentinelOne revealed that 23 of 58 UK universities polled were targeted by ransomware in the past year, but all claim not to have paid any ransom.
According to Javvad Malik, security advocate at AlienVault, at least one university may have used sound tactics to minimise the impact.
In a similar study by security firm NCC Group, 47% of NHS Trusts in England admitted they had been targeted, while one single trust said it had never been targeted, and the rest refused to comment on the grounds of patient confidentiality. Only one trust said it had contacted the police.
Whitehouse said that while ransomware writers were sometimes careless in the past so there was often a way to retrieve files, that is seldom the case now, making preparation even more important.
NCC Group recommends a multi-layered approach, applying robust controls such as regular software patching, using up-to-date anti-virus software and educating staff on the risks posed by phishing and ransomware.
Emily Orton, director at security firm Darktrace, said the recent wave of ransomware marked the beginning of a new era of automated attacks.
Automated attacks are always going to be difficult to defend against, said Orton. For this reason, Darktrace believes machine learning and automation are at the heart of a new approach to catch early indicators of ransomware attacks.
Commenting on the fact that only one NHS Trust reported the ransomware attack to police, Jonathan Sander, vice-president of product strategy at Lieberman Software, said it showed that many organisations do not think that law enforcement can help.
Another issue, said Sanders, is that organisations often fail to see what's happening as a crime, but see it instead as an IT issue.
Security firm Sophos has developed a whitepaper advising businesses on how to stay protected against ransomware.
Sophos lists best practices that businesses and public sector organisations should apply immediately to prevent falling victim to ransomware:
Cyber criminals simply have to infect computer systems with malware designed to lock up critical data by encrypting it and demand ransom in return for the encryption keys.
The occurrence of ransomware attacks nearly doubled, up by 172%, in the first half of 2016 compared with the whole of 2015, according to a recent report by security firm Trend Micro.
Ransomware, the report said, is now a prevalent and pervasive threat, with variants designed to attack all levels of the network.
said Raimund Genes, chief technology officer at Trend Micro.
Ransomware is typically distributed through phishing emails designed to trick recipients into downloading the malware, or through app downloads and compromised websites.
The business model is proving extremely successful for cyber criminals, as many organisations are not prepared for it, and paying the ransom is often the best or only option open to them.
Two separate studies have revealed that universities and NHS trusts in England have been hit hard by ransomware in the past year.
A freedom of information request by security firm SentinelOne revealed that 23 of 58 UK universities polled were targeted by ransomware in the past year, but all claim not to have paid any ransom.
According to Javvad Malik, security advocate at AlienVault, at least one university may have used sound tactics to minimise the impact.
he said.
In a similar study by security firm NCC Group, 47% of NHS Trusts in England admitted they had been targeted, while one single trust said it had never been targeted, and the rest refused to comment on the grounds of patient confidentiality. Only one trust said it had contacted the police.
said Ollie Whitehouse, technical director at NCC Group.
he said.
Whitehouse said that while ransomware writers were sometimes careless in the past so there was often a way to retrieve files, that is seldom the case now, making preparation even more important.
he said.
NCC Group recommends a multi-layered approach, applying robust controls such as regular software patching, using up-to-date anti-virus software and educating staff on the risks posed by phishing and ransomware.
Emily Orton, director at security firm Darktrace, said the recent wave of ransomware marked the beginning of a new era of automated attacks.
she said.
Automated attacks are always going to be difficult to defend against, said Orton. For this reason, Darktrace believes machine learning and automation are at the heart of a new approach to catch early indicators of ransomware attacks.
she said.
Commenting on the fact that only one NHS Trust reported the ransomware attack to police, Jonathan Sander, vice-president of product strategy at Lieberman Software, said it showed that many organisations do not think that law enforcement can help.
he said.
Another issue, said Sanders, is that organisations often fail to see what's happening as a crime, but see it instead as an IT issue.
Security firm Sophos has developed a whitepaper advising businesses on how to stay protected against ransomware.
Sophos lists best practices that businesses and public sector organisations should apply immediately to prevent falling victim to ransomware:
- Backup regularly and keep a recent backup copy off-site
- Do not enable macros in document attachments received via email
- Be cautious about unsolicited attachments
- Do not give users more login power than they need
- Consider installing Microsoft Office viewers to see what documents look like without opening them in Word or Excel
- Patch early, patch often because ransomware often relies on security bugs in popular applications
- Keep informed about new security features added to your business applications
- Open .JS files with Notepad by default to protect against JavaScript borne malware
- Show files with their extensions because malware authors increasingly try to disguise the actual file extension to trick you into opening them
