With the General Data Protection Regulation knocking on everyone’s door, breaches will have to be taken more seriously than ever. At the same time, new data indicates that ransomware attacks are rising steeply, which means neither organizations nor regular users can afford to sit around with their arms crossed.
Ransomware attacks doubled in 2017, and were the primary driver of an overall increase in total incidents, according to the latest Cyber Incident & Breach Trends Report from the Online Trust Alliance.
Reported cyber incidents targeting businesses also nearly doubled (from 82,000 in 2016 to 159,700 in 2017). However, since many cyberattacks are never reported, the alliance believes the actual number could be much higher.
Attacks seeking ransom accounted for half of all reported incidents. These included malware-laced phishing attacks, malvertising, drive-by malware, and even a new form of ransomware combined with denial of service (RDoS), where the attacker threatens to attack via denial-of-service if ransom is not paid.
In any case, ransomware has become a massive problem. From the massive WannaCry and Petya/GoldenEye contagions in 2017 to the more recent highly-targeted attacks hitting healthcare providers one after another, everyone is now a blip on cybercrooks’ radar.
Bitdefender predicts that ransomware will become more advanced and more sophisticated in 2018, potentially even using the GPU in your computer to speed up the encryption process. And ransomware-as-a-service platforms will make the threat even more accessible to one-off hackers, boosting the volume and complexity of ransomware samples to emerge this year.
But the real reason ransomware poses such a problem for everyone is its anatomy.
Why is ransomware so popular?
Ransomware is a highly efficient, highly lucrative form of malware. Three major drivers have propelled it to its sudden infamy:
- Ransomware can infect a computer through an array of attack vectors – from social engineering and spam to drive-by attacks, rigged popular applications, vulnerabilities, and malvertising – and render all data on that machine unusable.
- Until recently, you had to know code to hack someone; today, anyone can go to the Dark Web, buy the ransomware of their choosing, and attack.
- The anatomy of ransomware ensures that the damage produced is substantial while the attacker can remain completely anonymous, whether you pay him or not.
How to mitigate risk?
According to the same report, some 93 percent of all breaches could have been avoided had simple steps been taken. These can include:
- regularly update software
- block fake email messages using email authentication
- train people to recognize phishing attacks
- use browser-based scanning for malware
- limit administrative access to data to contain the spread of an infection
- use DDoS protection services to limit the impact of an attack
For large businesses, OTA makes the following recommendation:
“…since some organizations may determine that paying a ransom is the necessary course of action for a given incident, and Bitcoin is the most common form of payment request, it is recommended that organizations set up a Bitcoin wallet in advance. This type of proactive planning is not unlike establishing relationships in advance with crisis management firms, forensics specialists and law enforcement – it is easier to make logical, informed decisions during the calm than it is during the storm.”
However, most cybersecurity experts agree that victims should refrain from paying the ransom, as payment encourages criminals to strike again, and gives rise to new legions of hackers. Some law enforcement agencies advise the same.
At the same time, those same agencies (including the FBI) agree that sometimes the damage from lost data can be so large that it’s better to just pay and hope that the hackers stick to their end of the bargain – decrypt the data. But…
What if I don’t want to pay the ransom?
Since your data is inaccessible and unusable, getting infected with ransomware is the same as having your hard drive fail on you. And, make no mistake, hard drives do fail eventually!
“Viewing ransomware as an imminent hard drive failure points toward the simplest measure you can take: keep regular, offline backups of your important data,” says Bogdan Botezatu, senior e-threat analyst, Bitdefender. “This way, even if you get infected, you can always recover your important data, whether it’s photos of your cat, or millions of dollars’ worth of intellectual property.”
For more peace of mind, use a trusted antivirus solution. Bitdefender offers ransomware protection that sniffs out suspicious behavior before you can make a mistake and get infected. It is particularly paranoid about the security of your Documents folder or any other folder you deem highly sensitive, but it also keeps a close check on all files on your system. For Mac users, Bitdefender offers Time Machine backup protection – to make sure ransomware and attackers can’t touch your backups.