Ransomware Raises The Bar Again

  /     /     /  
Publicated : 22/11/2024   Category : security


Ransomware Raises The Bar Again


The infamous form of attack now ranks as the top threat to financial services, but preparedness can pay off for victims.



Ransomware just got even more real: its now the number one attack vector in the financial services sector, which traditionally has been considered a model industry for best security practices.
Some 55% of financial services firms recently surveyed by SANS report ransomware as the top attack threat, followed by phishing (50%), which previously held the top spot. More than 32% of financial firms say theyve lost anywhere from $100,000 to a half-million dollars due to ransomware attacks.
Ransomwares infiltration of the security-forward financial services industry underscores the dramatic rise in ransomware over the past year and growing pressure on preparedness. The malware that infects machines and holds them for ransom payment by the victim is the fastest-growing form of malware today, with more than 4,000 ransomware attacks per day since January 1 of this year. Thats an increase of 300% since 2015, and security experts at Trend Micro say ransomware cost enterprises some $209 million in the first half of 2016.
Attackers are also tucking ransomware alongside and inside other attacks. Some ransomware attacks hold the machine for ransom and then also use it to wage distributed denial-of-service (DDoS) attacks on other victims. More than half of DDoS attacks worldwide ultimately lead to ransomware and other malware attacks, according to a new study by Neustar.
Meanwhile, organizations of all sizes and industries are getting infected with ransomware. The difference between those who get stung and those who survive relatively unscathed is preparedness – and sometimes a little luck.
Take the Hyannis, Mass.-based Barnstable Police Department, which was hit with its first-ever ransomware infection last month. Craig Hurwitz, director of IT at the department, says he noticed something was amiss when the departments dispatch software and records management system stopped working. He took a closer look and spotted files being encrypted and file extensions getting altered.
I tried to get a file and it wasnt there, he recalls. And there was a text file in the directory saying pay me now.
The police department reverted to radio dispatch to patrol cars, and Hurwitz contacted the backup and array vendor from which the Barnstable Police Department had recently purchased a system for data backup and storage capacity, as well as its data timestamp feature. At the time the department purchased the storage array system from Reduxio Systems, it was more about protecting against hard drive corruptions and server crashes. At the time we werent thinking about ransomware specifically, he says.
The recovery process with the backup system took 35 minutes with no loss of data or any ransom payment to the attackers. The malware never spread beyond the application server where Hurwitz found it. They [Reduxio] cloned the drives … and set the timestamp two minutes before the infection had started … and remounted the drives, Hurwitz says.
Backing up data regularly and keeping a clean backup has always been one of the key recommendations for surviving a ransomware infection. Even endpoints running the most up-to-date software, email filters, and other security layers can get hit with ransomware: all it takes is for a user to fall for a phishing email and to open a malicious attachment or link.
But how a backup is managed can be the difference between losing data to the attackers unless you pay, or retrieving data and eradicating the ransomware.
Travis Smith, senior security research engineer at Tripwire, says the old 3-2-1 strategy applies: Always have three copies of data, one that is offsite [or] offline, he says. Whats also very important for companies to adopt in todays ransomware world: weve seen ransomware that targets backup systems, so when you try to bring backups back online you dont have the ability to restore from the backups.
Backups of critical data should be tested at least every six months, he says, to ensure the data is uncorrupted and accessible.
Smith says clean backups work for about three-fourths of ransomware victims. Seventy-five percent are successful [in ransomware recovery] if they have backups, he says, meaning they can get to their data and not pay any ransom to the bad guys.
Users shouldnt be storing critical data on their endpoints, either, he notes. Stick with a shared server for that information. So then you only need to back up one critical server, he says. If a laptop gets infected with ransomware and the data isnt backed up on a centralized server, youve lost that data.
If backups arent done properly, it may be cheaper for an organization to pay the ransom, which is not recommended. Regular backup tests can drive down the cost of data restoration and make it more cost-effective than having to resort to actually paying a ransom if the data isnt properly backed up, he says.
Related Content:
FBI Official Explains What To Do In A Ransomware Attack
How Not To Pay A Ransom: 3 Tips For Enterprise Security Pros
New Fantom Ransomware Poses As Windows Update
Cerber Ransomware Could Net $2 Million Its First Year

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Ransomware Raises The Bar Again