Ransomware is becoming big business for cyber-attackers. You only have to glance at the recent media coverage from the BBC on the ‘alarming’ rise of ransomware attacks to get a feel for how it’s having a massive impact on businesses. Here’s a brief overview of what ransomware is and what the risks are to your organization.
What is Ransomware?
Ransomware is a type of malware that encrypts the files and data on infected machines. This includes other machines that the original infected PC is connected to, such as servers and other networked PCs. Ransomware prevents access to those files until a ‘ransom’ is paid to the criminals behind the attack to unscramble the data.
What’s the risk to your company?
The biggest risk within a corporate network is that the ransomware has the same access to files and data as the person who uses the infected machine. This can be especially dangerous if an executive is successfully targeted, as such highly privileged users often require access to vast quantities of company data.
Another major ransomware risk is a social one. If an employee is given the option to pay and conceal the fact that they accidentally triggered an infection, they may do so out of fear of losing their job. However, the malware will still reside on the computer after the ransom is paid and can act as a Remote Access Toolkit (RAT) to capture screenshots, keystrokes and network traffic. It can also send files and passwords back to the attackers, who can sell them or use them to execute further attacks against the organization.
Ransomware attacks are becoming more targeted and sophisticated on a daily basis. Organizations are being specifically targeted by attacks that are carefully socially engineered to trick employees, rather than by the more common mass-mailing approach.
These attacks are designed to evade traditional security controls and boost the chances of an infection being successful. For example, the criminal may plant the ransomware on a seemingly innocuous website and then circulate the website link to specific individuals within a target organization, encouraging them to click the link and trigger the download. This enables the first stage of the attack to bypass some traditional security controls, as the original email has no malicious content, and by clicking on the infected link, the user is effectively inviting the ransomware onto their machine.
What are the mitigation strategies for ransomware attacks?
In our next blog, we will look at the mitigation strategies that you can adopt in order to prepare for, and protect your organization against, ransomware attacks.