According to the recent report ISTR 2016 Ransomware and Businesses of Symantec Corp. ransomware has emerged as one of the most dangerous threats to cyberspace, both for businesses and large organizations, and for consumers in general, with global losses now reaching hundreds of millions of dollars.
In the last 12 months ransomware has reached a new level of maturity and threat. Major ransomware gangs are able to spread their malware on millions of computers. Users hit by ransomware find their valuable data locked with strong and often impenetrable encryption.
The perfection of the business model used by ransomware has created an avalanche mentality among the attackers, as the amount of money they try to extort from their victims is increasing daily. The numbers are constantly increasing, with the number of new ransomware families discovered in 2015 alone reaching 100 and the average ransom demanded by the attackers is US $ 679!
Attacks on businesses are increasing with large-scale ransomware attacks remaining the most widespread form of threat. As demonstrated by two case studies made in Symantec's report, these attacks are characterized by a high level of expertise, using techniques we see most often in cybercrime campaigns.
Μία επιτυχημένη επίθεση σε έναν οργανισμό, μπορεί ενδεχομένως να μολύνει χιλιάδες υπολογιστές, προκαλώντας μαζική λειτουργική ζημιά και σοβαρή βλάβη στα income αλλά και στη φήμη. Μόλις οι συμμορίες του κυβερνοεγκλήματος δουν ορισμένες επιχειρήσεις να υποκύπτουν σε αυτές τις επιθέσεις και να πληρώνουν τα λύτρα, όλο και περισσότεροι εισβολείς ακολουθούν στην προσπάθεια να αρπάξουν το μερίδιό τους από τα πιθανά κέρδη.
Organizations should be fully aware of the threats ransomware poses to them and build against priority on their safety. A multi-layered approach to security minimizes the chance of infection, while educating end users about ransomware is also vital, as dangerous cybercriminals are constantly improving their attack tactics.
In summary, the most important findings of the report are as follows:
- While ransomware attacks have so far been largely indiscriminate, they now show a growing interest in targeted attacks on businesses.
- A large number of ransomware groups have begun using advanced attack techniques, displaying a level similar to cybercrime attacks.
- The service sector is most affected by 38%. Here are the construction and financial sectors with 17%, while insurance, real estate and public administration are also in high positions with 10%.
- The average ransom demand has more than doubled and is at 679 $, from 294 $ at the end of 2015.
- The number of new ransomware families is steadily increasing from 2011 with 2015 recording a record high after 100 new families were discovered.
- The advent of ransomware-as-a-service (RaaS) means that a larger number of cybercriminals can acquire their own ransomware, even with low levels of know-how.
- The switch to crypto-ransomware continues. The new variants that have been discovered so far in 2016 reach 80%.
- Between January 2015-April 2016, the United States suffered more from ransomware, holding 28% in the world ranking. Here are: Canada, Australia, India, Japan, Italy, United Kingdom, Germany, Netherlands and Malaysia.
Advice for businesses and end users
- New ransomware variants appear on a regular basis so you should always keep your security software up to date.
- Maintain the operating system and the rest applications updated, since updates include patches for ransomware security vulnerabilities that are discovered.
- E-mail is one of the main methods of dialing for attacks. Delete any suspicious emails you receive, especially if they contain links and / or unknown attachments.
- Be extremely cautious about any attached file that arrives via Microsoft Office e-mail and advise you to enable macros to view its contents.
- Back up important data to effectively fight attacks from ransomware. Attackers have an influence on their victims by encrypting their valuable files. If the victim has backups, he can restore his files as soon as he realizes and "clean" the attack.
By adopting a multi-level approach to safety, the possibility of contamination is minimized. Symantec has an integrated strategy that protects the ransomware in three stages: Prevention, Restriction and Response.
- Prevention: Εργαλεία όπως τα Symantec Email security, Intrusion Prevention, Download Insight, Browser Protection, and Proactive Exploit Protection (PEP) can fully protect and prevent malicious ransomware attacks and more.
- Restriction: In case of infection, a critical step is to limit the spread of the infestation. Symantec's file-based technologies ensure that any file that a user has downloaded to their computer will not be able to be executed immediately. Symantec has a 24/7 security team responsible for the continuous development and improvement of ransomware issues. The team conducts continuous monitoring of ransomware families and its chainof their distribution, in order to collect all new samples and ensure strong prevention and identification.
- Correspondence: The Symantec Incident Response (IR) team is always there to help businesses respond and recover their data after a ransomware attack.
Symantec's full report on business protection from the ransomware titled Ransomware and Businesses 2016: An ISTR special report available for download here!
