Ransomware malware: a rising threat to businesses

In this day and age, everyone is troubled by the menace of computer malware — unwanted and malicious software code that hacks computer systems, causing malfunction, data theft and loss of business. Typically, malware tends to rapidly spread to targeted and non-targeted individuals and businesses, making it one of the major threats in today’s digital world.

Many organizations have stepped up their cybersecurity efforts to safeguard against both traditional and new threats. It has been observed that many traditional threats tend to morph themselves into new age threats with added complexity. This makes it difficult to detect and prevent them from causing destruction or trouble.

The latest addition to such threats is ‘Ransomware’. It is turning out to be a nightmare for companies that have, in many cases, previously encountered the repercussions of a simple virus attack.

What is Ransomware?

Ransomware is a highly sophisticated malware that bypasses the traditional layers of security and makes the user’s computer files inaccessible, either by locking them up or encrypting them. The user is then asked to pay a ‘ransom’ to cybercriminals to regain access to his/her own data. Ransomware can be sent to a user’s computer via an e-mail attachment or a malicious website. Once opened, it infects the computer, automatically encrypts files, which may include sensitive and confidential business documents, and issues an electronic ransom note. Many hackers also use traditional and direct hacking techniques to first infect computers that are exposed to the internet and not secured properly, such as servers.

Once a Ransomware has successfully encrypted or locked user files, it could spread over the network to other machines and inconspicuously carry on infecting other users. Once done, it may generate a pop-up or text file with instructions to pay the ‘ransom’, which technically could be the only way to decrypt the files. This ransom may be demanded in bitcoins, in some cases to the tune of 1 bitcoin (about INR 30,000) per machine.

The encryption technique is based on 256-bit public-key cryptography and practically cannot be broken.
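A defender-side illustration of the behaviour described above (bulk encryption of files followed by a ransom note), added here as an example and not part of the original article. The thresholds, note-name hints, host names, paths and the event format are assumptions chosen for illustration.

```python
import hashlib
import math
import os
from collections import Counter, defaultdict

ENTROPY_MIN = 7.5      # bits/byte; ciphertext approaches 8.0 (assumed cut-off)
BURST, WINDOW = 3, 60  # assumed: 3 high-entropy rewrites within 60 s on one host
NOTE_HINTS = ("decrypt", "ransom", "recover")  # assumed ransom-note name hints

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_hosts(events):
    """Return {host: [reasons]} for hosts showing an encryption burst or a note drop."""
    recent = defaultdict(list)   # host -> timestamps of high-entropy writes
    findings = defaultdict(set)
    for ev in sorted(events, key=lambda e: e["ts"]):
        host, name = ev["host"], os.path.basename(ev["path"]).lower()
        if ev["op"] == "create" and name.endswith((".txt", ".html")) \
                and any(h in name for h in NOTE_HINTS):
            findings[host].add("ransom-note-like file created")
        elif ev["op"] == "write" and shannon_entropy(ev["sample"]) >= ENTROPY_MIN:
            # Compressed files are high-entropy too, so one hit alone means nothing;
            # only a burst inside the sliding window is reported.
            recent[host] = [t for t in recent[host] if ev["ts"] - t <= WINDOW] + [ev["ts"]]
            if len(recent[host]) >= BURST:
                findings[host].add("burst of high-entropy file rewrites")
    return {h: sorted(r) for h, r in findings.items()}

def fake_ciphertext(seed: str) -> bytes:
    """Constructed stand-in for encrypted content: 4 KiB of hash output."""
    return b"".join(hashlib.sha256(f"{seed}{i}".encode()).digest() for i in range(128))

def event(host, ts, op, path, sample=b""):
    return {"host": host, "ts": ts, "op": op, "path": path, "sample": sample}

TEXT = b"Quarterly sales report, draft for internal review. " * 80
# Constructed sample events (host names and paths are made up for illustration).
SAMPLE_EVENTS = [
    event("ws-01", 0, "write", "/share/budget.xlsx", fake_ciphertext("a")),
    event("ws-01", 5, "write", "/share/plan.docx", fake_ciphertext("b")),
    event("ws-01", 9, "write", "/share/hr.pdf", fake_ciphertext("c")),
    event("ws-01", 12, "create", "/share/HOW_TO_DECRYPT.txt"),
    event("ws-02", 3, "write", "/home/u/notes.txt", TEXT),
    event("ws-02", 4, "write", "/home/u/archive.zip", fake_ciphertext("z")),
    event("ws-02", 8, "write", "/home/u/todo.txt", TEXT),
]
```

Calling `flag_hosts(SAMPLE_EVENTS)` reports only `ws-01`; the single high-entropy write on `ws-02` (a zip archive) stays below the burst threshold.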

Malware infections, and their remediation, are quite common, and infections can spread very easily through vulnerable technology or low awareness among users. Although the initiation process of a Ransomware is quite similar to that of a typical malware, the impact is much more agonizing for IT security teams and businesses at large.

It is believed that an estimated 30% of Ransomware victims pay hackers to regain their data. According to research on the Crypto Wall Ransomware campaign by a cybersecurity industry group, such attacks have given rise to over USD 300 million in ransom income from a single source or entity.

Cybercriminals tend to target companies that have highly confidential or critical data, as these companies are more likely to pay ransom to retrieve their data. Hence, businesses, financial establishments, government organizations, academic associations and other organizations carrying highly sensitive data should make use of all of the security measures available.

How does it affect business?

  • Ransomware can damage the reputation of a company and can also impact financials, especially if intellectual property and other relevant information are compromised
  • With increased adoption of digital technology, there could be a variety of vulnerabilities within an organization that could affect them if they are infected by Ransomware
  • A potential Ransomware attack can result in the loss of sensitive or proprietary information, interruption to regular operations and business continuity. The attack can escalate from being an incident of data loss to an incident of data breach, in case the expected ransom is not paid.
  • A Ransomware attack can cause significant financial loss if the ransom amount is paid

What is it that organizations can and should do?

At the organizational level, companies should have a proactive approach outlined for securing information.

  • Permissions to access files and servers should be regulated, restricted and monitored in a systematic and layered manner
  • Anti-malware protection should be upgraded to deal with Ransomware and similar threats
  • Sufficient guidance should be provided to users who encounter an indicator of compromise
  • Backup policies and techniques should be upgraded
  • Use of unauthorized media and internet sources should be blocked
  • Access to unauthorized software should be restricted
  • An incident response team needs to be on-board to deal with specific risks such as Ransomware


Ransomware will continue to be a serious challenge, not just for information security professionals but also for business leaders and decision makers. As cybercrime increases, and cyber criminals exploit vulnerabilities in prevalent technology to their advantage, next-generation Ransomware promises to be more threatening.

It is imperative that corporates take cognizance of this threat and take proactive measures to safeguard their interests.

Follow @EY_India and track #EYForensic for regular updates

3 thoughts on “Ransomware malware: a rising threat to businesses”

  1. Interesting article, and indeed a very dangerous threat to the industry. Is the “Cryptolocker prevention toolkit” more effective than the standard best practice prevention techniques, or do we consider this as an additional level of recommended protection?

  2. Another category of ransomware encountered was the DDOS attacks, where the attacker would target financial institutions and online shopping merchants. He would launch a sample attack and demand bitcoins. If not paid, he may launch a bigger attack. This kind of attack is slightly different from malware, but it's indeed a BIG threat and a new way to get ransom.

  3. Another category of newly emerging ransomware is DDOS attacks, where the attacker would target financial institutions and online shopping merchants. He would launch a sample attack and demand bitcoins. If not paid, he may launch a bigger attack. We all agree that DDOS is very old fashioned, but the way it changed its motive is a very potential threat.
