Ransomware: a word that could strike fear into the heart of every cyber security manager across the board. When it comes to maintaining a secure network, all it takes is for one adverse strain of software to compromise the protections set in place. Ransomware is exactly what it sounds like: Somehow, via a phishing attempt or a visit to a compromised website, a malicious program is downloaded onto an unwitting user's computer. The program then encrypts the user's hard drive and important files and then forces the owner to pay a sum of money in exchange for the key to the encryption.
It's the classic ransom scheme. In the old movies, the villain would kidnap the director's daughter, then force the billionaire to fork over a huge amount of cash in return for her safety. The concept of ransomware is similar – except in this case, the damsel in distress is your hard drive, with your business or your personal finances on the line.
Cyber security managers and consumers alike are asking: Why do ransomware intrusions so often succeed? Why does this kind of malware continue to be a problem for people and offices around the world?
Perhaps due to the success that previous strains have met with, ransomware is extremely prolific. As of the end of June, according to Trend Micro researchers, at least 50 new families of ransomware had emerged within the last six months. This number appears in stark contrast with the combined total of 49 that appeared in 2014 and 2015.
This means that no matter where you look, there are ransomware attacks happening on a massive scale. Emails containing malware are cropping up across the spectrum, and the number of people who fall for the tricks continues to grow. Whether the malware is hidden in an official-looking email or sneaking around on suspicious websites, people are clicking on links they shouldn't be and infecting their devices with these devious programs.
The fact of the matter is that the cyber criminals who are trying to extort money out of large corporations are becoming smarter. The emails they're sending out (like the ones used in business email compromise schemes) are attracting less savvy computer users who really are just trying to print out expense reports. The ubiquitous nature of these kinds of attacks demonstrates the clear importance of finding a strategy to deal with ransomware.
The trouble with taxes
The problem isn't just one for enterprises, either. The public sector is dealing with the repercussions of a tax season fraught with issues, according to Bob Sullivan. At the end of June, Ohio Auditor of State Dave Yost told employees of his department – the ones that are responsible for spending taxpayer money – that they need to be more diligent in helping to defend the department against ransomware intrusion.
"We've all seen and heard about the criminals who try to steal our personal funds," Yost said. "These scammers would like nothing more than to get their sticky fingers on our tax dollars, too. We need to be vigilant because they are becoming increasingly sophisticated in how they attempt to steal money through the internet."
This warning comes after a stressful tax season as far as cyber security goes. Trend Micro researchers reported at the end of March that the malware strain PowerWare (or RANSOM_POWERWARE.A) was infecting and abusing Windows PowerShell in order to get into users' systems and encrypt their tax forms from previous years.
"[A]part from encrypting files commonly targeted by ransomware, PowerWare also targets tax return files created by tax filing programs," the researchers wrote. "For users and organizations, losing current and previous years' records can be a hassle, sometimes costly."
Bigger fish to fry
Cyber criminals are getting smarter about the parties they target, as well. According to InfoWorld contributor Fahmida Y. Rashid, the recent increase in ransomware attacks is thanks to the success that other incidents have met with. The number of ransomware domains has increased 35-fold, and malicious attacks like these cost victims $209 million in just the first quarter of 2016, according to the FBI; compared with the $24 million lost in all of 2015, this is a staggering amount of money.
"Criminals are constantly creating new domains and subdomains to stay ahead of blacklists and other security filters," Rashid wrote. "The fact that the attack infrastructure for ransomware is growing is a good indicator that more cyber criminals are shifting their energies to these operations."
These cyber criminals are turning their attention to bigger-picture goals: Instead of targeting the little old lady with $23 to her name, they're going after multi-million dollar corporations and health care conglomerates. This is why the amount of money lost in just the first few months of 2016 is so high.
GCN contributor Karen Epper Hoffman made a similar assessment. The reason ransomware attacks are so successful – or that the criminals come out with so much money – is that they are choosing these larger firms with deeper pockets to dangle their fishing lines in. The House of Representatives was an especially high-profile target, and the fear of ransomware was so strong that third-party email providers like Gmail and Yahoo Mail were banned from government offices.
"As actors become more sophisticated, it has become paramount for the FBI and DOJ to coordinate and collaborate closely with the private sector and foreign law enforcement partners to understand how the variant works, what vulnerabilities exist, what legal options can be utilized and where the actor's infrastructure is located," wrote Peter J. Kadzik, assistant attorney general. "This collaboration is also used to prioritize law enforcement efforts and target the highest priority botnets and malware variants."
In other words, Kadzik wanted to rally these government departments and law enforcement teams to try to combat the rise of ransomware even within the public system. These malicious programs are making headway in both the public and private sectors, and it's going to require a concerted effort to keep systems secure.
What can be done?
As with any kind of phishing scheme or cyber threat, education is key in preventing attacks of this nature. Making sure employees – be they high-ranking government officials or someone pulling TPS reports – are well-versed on what phishing scams are and what they look like, along with educating the workforce on how to minimize the impact of such an intrusion, is essential to maintaining a secure environment.
As hackers are spurred by successful ransomware attacks, it's critical that users know how to protect themselves. Conducting employee training is one of the best ways to prevent ransomware from infiltrating your systems, along with investing in effective cyber security software.