Symantec: Enterprise is the most important target of ransomware attacks

According to the recent report ISTR 2016 Ransomware and Businesses of Symantec Corp. ransomware has emerged as one of the most dangerous threats to cyberspace, both for businesses and large organizations, and for consumers in general, with global losses now reaching hundreds of millions of dollars.

Over the past 12 months ransomware has reached a new level of maturity and threat. Significant ransomware "gangs" are able to channel the malware τους σε εκατομμύρια υπολογιστές. Οι χρήστες που έχουν χτυπηθεί από ransomware βρίσκουν τα  πολύτιμα them locked with strong and often impenetrable encryption.symantec ransomware

The perfection of the business model used by ransomware has created an avalanche mentality among the attackers, as the amount of money they try to extort from their victims is increasing daily. The numbers are constantly increasing, with the number of new ransomware families discovered in 2015 alone reaching 100 and the average ransom demanded by the attackers is US $ 679!

Attacks on businesses are increasing with large-scale ransomware attacks remaining the most widespread form of threat. As demonstrated by two case studies made in Symantec's report, these attacks are characterized by a high level of expertise, using techniques we see most often in cybercrime campaigns.

A successful attack on an organization may potentially infect thousands of computers, causing massive operating damage and serious damage to revenue and reputation. Once cyber-gangs see some businesses succumb to these attacks and pay ransom, more and more intruders follow to try to grab their share of potential profits.

Organizations should be fully aware of the threats posed by ransomware and build priority on their security. A multi-level approach to security minimizes the likelihood of infection, and end-user education about ransomware is also vital, as dangerous cybercriminals are constantly improving their attack tactics.

In summary, the most important findings of the report are as follows:

  • While ransomware attacks have so far been largely indiscriminate, they now show a growing interest in targeted attacks on businesses.
  • A large number of ransomware groups have begun using advanced attack techniques, displaying a level similar to cybercrime attacks.
  • The service sector is most affected by 38%. Here are the construction and financial sectors with 17%, while insurance, real estate and public administration are also in high positions with 10%.
  • The average ransom demand has more than doubled and is at 679 $, from 294 $ at the end of 2015.
  • The number of new ransomware families is steadily increasing from 2011 with 2015 recording a record high after 100 new families were discovered.
  • The advent of ransomware-as-a-service (RaaS) means that a larger number of cybercriminals can acquire their own ransomware, even with low levels of know-how.
  • The switch to crypto-ransomware continues. The new variants that have been discovered so far in 2016 reach 80%.
  • Between January 2015-April 2016, the United States suffered more from ransomware, holding 28% in the world ranking. Here are: Canada, Australia, India, Japan, Italy, United Kingdom, Germany, Netherlands and Malaysia.

Advice for businesses and end users

  • New ransomware variants appear on a regular basis so you should always keep your security software up to date.
  • Keep the operating system and other applications up to date as updates include patches for discovered ransomware security vulnerabilities.
  • The electronic is one of the main methods of passage for attacks. Delete any suspicious e-mails you receive, especially if they contain links and/or unknown attachments.
  • Be extremely cautious about any attached file that arrives via Microsoft Office e-mail and advise you to enable macros to view its contents.
  • Back up important data to effectively fight attacks from ransomware. Attackers have an influence on their victims by encrypting their valuable files. If the victim has backups, he can restore his files as soon as he realizes and "clean" the attack.

By adopting a multi-level approach to safety, the possibility of contamination is minimized. Symantec has an integrated strategy that protects the ransomware in three stages: Prevention, Restriction and Response.

  1. Prevention: Tools such as Symantec Email security, Intrusion Prevention, Download Insight, Protection, and Proactive Exploit Protection (PEP) can fully protect and prevent malicious ransomware attacks and more.
  2. Restriction: In case of infection, a critical step is to limit the spread of the infection. Symantec's file-based technologies ensure that any file that a user has downloaded to his computer will not be able to run immediately. Symantec has an 24 / 7 security team that is responsible for the ongoing development and improvement of ransomware issues. The team continuously monitors family ransomware and their distribution chain in order to collect all new samples and ensure strong prevention and recognition.
  3. Correspondence: The Symantec Incident Response (IR) team is always there to help businesses respond and recover their data after a ransomware attack.

Symantec's full report on business protection from the ransomware titled Ransomware and Businesses 2016: An ISTR special available for download here!

 

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

2015patchesransomwarereportsymantec

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).