If you ask the Washington, D.C.-based Institute for Critical Infrastructure Technology (ICIT), this is the year when "ransomware will wreak havoc on America's critical infrastructure community," including financial services.

Ransomware basically locks the data on a computer — or the computer itself, or even an entire system or network — so that users cannot gain access to data or processes; it then holds the system and its data hostage, or even threatens destruction of the data, until the system's owner pays a ransom for its release. The recent decision by Hollywood Presbyterian Medical Center to pay hackers $17,000 in bitcoin to release its entire digital network has highlighted just one of the dangers posed by such threats.

In the ICIT Ransomware Report, provocatively titled "2016 Will Be the Year Ransomware Holds America Hostage," the authors lay out the threat posed by this rising form of hacking, which "is less about technological sophistication and more about exploitation of the human element."

Malware installation

Ransomware can arrive on a computer system the same way other malware does, but ransomware threat actors — those who hold the data hostage — aren't usually able to breach systems themselves. Instead they rely on a variety of methods to get their malware onto the systems they deem ripe for plucking.

Why should you care about ransomware? Simple: ICIT says that "financial institutions are likely the next major sector to be targeted by ransomware, if their systems have not been infected already." Ransomware attackers are 21st century highwaymen, the report says, "threatening the lifeblood of their victims — information" and "law enforcement has neither the time nor the resources to track down the culprits."

In fact, if infected by ransomware, law enforcement itself often pays the ransom simply to regain control over its own computer systems. If the good guys are reduced to paying ransom, what's a financial services company to do — particularly since the cost of being locked out of customer data can be far higher than paying ransom?

User awareness is key to deterring attacks

One thing companies can do is make sure that personnel are more aware of common ransomware attacks, since, as the report says, "[o]nly a societal cybersecurity reformation in user awareness and training will deter the attackers."

The importance of not clicking on unknown e-mails or attachments, or even ads on reputable sites, and of learning to recognize bogus e-mails and ads, should be impressed on all staffers from top to bottom at financial firms. In addition, all personnel should be warned not to use unsecured devices for client data or connect unprotected personal devices (such as flash drives) to company systems, and to keep their own antivirus protection up to date. Last but not least, firms should keep their own system protections current, ensure that all third-party vendors are thoroughly checked out, and have a plan in place to respond if they're infected.

To that end, here are seven ways the report says ransomware can gain a foothold at your company:

1. Traffic distribution system (TDS)

As if you needed another reason that watching porn at work is a bad idea. Traffic distribution services redirect Web traffic to a site hosting an exploit kit. That traffic can be pulled from adult content sites, video streaming services or media piracy sites.

Some ransomware groups may even hire a traffic distribution service to spread their ransomware. If the host is vulnerable to the exploit kit on the landing page, then the malware is downloaded onto the system as a drive-by download, sometimes without the user's knowledge.


2. Malvertisement

As with a traffic distribution service, a malicious advertisement can redirect users from a harmless site to a malicious landing page. Malvertisements may appear legitimate and can even appear on trusted sites if the administrator is fooled into accepting the ad provider or if the site is compromised.

Malicious threat actors can purchase traffic from malvertisement services. Redirected victims can be purchased according to geographic location, time of day, visited site and a number of other factors.


3. Phishing e-mails

These are the primary delivery methods of ransomware, simply because people are so conditioned to open e-mails and click on links and attachments. Even with training and awareness programs, the report said, most organizations find it difficult to reduce successful spear phishing attempts to less than 15% of personnel.

Botnets send spam or tailored phishing e-mails randomly or to personnel within an organization. According to Symantec, ransomware e-mails tend to masquerade as mail delivery notifications, energy bills, résumés, notifications from law enforcement or tax returns.


4. Downloaders

Malware can be delivered onto systems through stages of downloaders to minimize the likelihood of signature-based detection. Ransomware criminals pay other threat actors to install their ransomware onto already infected machines.

Ransomware could even act as a mask for a deeper malware infection unsuspected by users that will remain even after the ransomware is removed.


5. Social engineering

Social engineering and human ignorance can conspire to get people to install the malware on their own computers.

The report pointed out that fake antivirus applications tell users that their computer is at risk of numerous debilitating viruses, and performance optimizers convince users that their system can achieve better results.

Even locker ransomware (which locks a user out of a system, rather than encrypting the data the system contains) that appears as a malvertisement on other sites depends on users clicking on the prompt to initiate installation.


6. Self-propagation

Usually a form of crypto-ransomware (which encrypts a user's data), some forms of ransomware are able to self-replicate throughout a network much as other kinds of malware do — such as spreading through a user's contact book via messages into other systems. ICIT said that self-propagating ransomware is likely how malware will evolve, thanks to the growing interconnectivity of the Internet of Things.


7. Ransomware as a service

This is actually the outsourcing of malware to less-technical criminals.

The applications are designed to be deployed by almost anyone, with the original creator of the malware collecting a percentage of the ransom as a fee if the person using the creator's ransomware is successful at collecting a ransom from the victim.

© 2024 ALM Global, LLC, All Rights Reserved.