India has a thriving micro, small and medium enterprises (MSME) ecosystem of over 40 million business firms, fuelling the economy and contributing to economic growth. These firms are also a ripe target for cyber attackers. Why? They are more connected to the internet than ever before, yet their cyber security capabilities are more limited than those of businesses elsewhere.
The increase in ransomware attacks can be attributed to several factors:
- High-profile media coverage of successful ransomware attacks lures new criminal groups into the field.
- Relatively high profit margins coupled with the relatively low overhead required to operate a ransomware campaign have bolstered the appeal of this particular attack type, fuelling market demand for tools and services corresponding to its propagation.
- The success of prolific ransomware families such as CryptoWall has provided a blueprint for aspiring ransomware developers, showcasing increasing profit margins and campaign sustainability.
- The emergence of ransomware-as-a-service offerings makes it easier for new groups to enter the field.
Who is at risk? The short answer: Everyone with a computer on the internet. Ransomware attackers often target essential and highly sensitive information from a wide range of data-centric businesses and industries including health care, law firms, and energy organisations. Governments are not immune. A couple of months ago, reports emerged that crucial financial and accounts at the Kerala Forest Department were compromised by ransomware. The department reportedly had no choice but to forfeit their encrypted files.
Ransomware often infects its victims via the web or email. Web-based attacks tend to use drive-by exploits that target browser, platform or system vulnerabilities, or rely on malicious URLs or malvertising that may redirect users to sites that host exploit kits. Email-based ransomware is generally used in targeted attacks, and relies on a variety of methods including phishing, spear phishing, malicious attachments, and URLs.
Online virtual currencies such as Bitcoin are the preferred methods of payment because they are not easily traceable. Yet paying the ransom offers no guarantee that the files will be unlocked, leading to loss of both data and money.
Given the growing volume and intensity of ransomware attacks, as well as the damage successful attacks can cause, it makes business sense for organisations to consider a security approach that can prevent these threats.
Traditional security solutions rely on static analysis and signatures to detect and block known threats. Ransomware attackers can easily bypass those defences. To reduce the chance of a ransomware attack succeeding, organisations need visibility into their internal system security levels and a strong understanding of the attackers’ tools, tactics, and procedures:
- Email security is the first line of defence, blocking ransomware distributed through email attachments and embedded malicious links.
- Network security solutions such as advanced endpoint technology can identify an attack in progress and block further damage.
- Backup strategies should be tested and evaluated regularly to ensure recovery is successful.
- Copies of backups should be stored offsite in case onsite backups are targeted.
Disruptive attacks have become a legitimate issue and businesses must plan and prepare accordingly. The best way is to detect the ransomware before it disrupts the victim's system. With the advent of connected devices, it will be no surprise when our power plants, cars, or subways are held to ransom. The best prevention is to be aware, be alert, stay prepared, and buckle up!
(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)