India has a thriving micro, small and medium enterprises (MSMEs) ecosystem of over 40 million business firms fueling the economy and contributing to economic growth. They are also a ripe target for cyber attackers. Why? They are more connected to the internet than ever before, yet their cyber security capabilities are more limited than those of businesses elsewhere.
The increase in ransomware attacks can be attributed to several factors:
Who is at risk? The short answer: Everyone with a computer on the internet. Ransomware attackers often target essential and highly sensitive information from a wide range of data-centric businesses and industries including health care, law firms, and energy organisations. Governments are not immune. A couple of months ago, reports emerged that crucial financial and accounts files at the Kerala Forest Department were compromised by ransomware. The department reportedly had no choice but to forfeit its encrypted files.
Ransomware often infects its victims via the web or email. Web-based attacks tend to use drive-by exploits that target browser, platform or system vulnerabilities, or rely on malicious URLs or malvertising that may redirect users to sites that host exploit kits. Email-based ransomware is generally used in targeted attacks, and relies on a variety of methods including phishing, spear phishing, malicious attachments, and URLs.
Online virtual currencies such as Bitcoin are the preferred methods of payment because they are not easily traceable. Yet paying the ransom offers no guarantee that the files will be unlocked, leading to loss of both data and money.
Given the growing volume and intensity of ransomware attacks, as well as the damage successful attacks can cause, it makes business sense for organisations to consider a security approach that can prevent these threats.
Traditional security solutions rely on static analysis and signatures to detect and block known threats. Ransomware attackers can easily bypass those defences. To reduce the chance of a ransomware attack succeeding, organisations need visibility into their internal system security levels and a strong understanding of the attackers’ tools, tactics, and procedures:
Disruptive attacks have become a legitimate issue and businesses must plan and prepare accordingly. The best way is to detect the ransomware before it disrupts the victim's system. With the advent of connected devices, it will be no surprise when our power plants, cars, or subways are held to ransom. The best prevention is to be aware, be alert, stay prepared, and buckle up!
(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)