Ready?The future is exciting.

Ransomware: Insight into the rise of an illicit industry

A growing threat

The WannaCry and Petya attacks in May and June 2017, hit almost

100 countries, propelling ransomware into the news.

But these weapons have been around for years.

And are proliferating at an alarming rate…

The defence gap

2016 saw a 400% spike in the number of

ransomware families.

They’re expected to increase a further

25% in 2017¹

But only 4% of businesses say they’re

ready to deal with an attack 2

1. Trend Micro: The Next Tier 8 Security Predictions for 20172. Malwarebytes ‘State of Ransomware’ Reports

What is ransomware?Ransomware encrypts a victim’s data, which is only decrypted when a ransom is paid

But only 47% of victims who pay get their data decrypted3

3. Norton Cyber Security Insights Report 2016

Organized chaos and the birth of VXInspired by UX (user experience) best practice, some cybercriminals encourage payment by making the ‘victim experience’ as smooth as possible. This includes:

• Running call centres to facilitate payments

• Using professionally designed instructions in multiple languages

• Using geolocation to match their actions to different victims

Who is at risk?

69% of attacks recorded in 2016

were aimed at consumers4

However, a fifth of all business have

suffered an IT security incident

as a result of ransomware5

Corporates are attacked by

ransomware once every 40 seconds6

4. Symantec Internet Security Threat Report 20175. Kaspersky Security Bulletin 20166. Kaspersky Security Bulletin 2016

It’s not all about the big guysThough corporates may seem like the richest targets, evidence suggests SMEs are becoming the preferred prey

At least 42% of SMEs have already been hit by ransomware7

7. Kaspersky Security Bulletin 2016

How does it work?While widely-available and free (open-source) tools are being used to exploit the vulnerabilities of specific victims, most attacks are still indiscriminate

80% of successful ransomware attacks use email as a first step8

8. SentinelOne Ransomware Report 2016

Deceptively simple

Why is the humble phishing email still so popular? The answer

is human error.

It makes even the best cybersecurity systems vulnerable. And dangerous emails can be harder to spot than

you might think…

Financial Invoices, orders and payment notifications

The three F’sWhile ‘Spear-phishing’ and ‘whaling’ attacks use personal information to appear credible, un-targeted messages use stealth

X

X

X

Functional Messages from a device like a printer or scanner

Failure 10% of major scam campaigns have some sort of delivery failure message in the subject line9

9. Symantec Internet Security Threat Report 2017

Other ways inWhile email is still the most common, there’s a growing trend towards more refined methods – especially as attackers focus on specific organisations. They include:

Exploit kits

Kits scan machines for vulnerabilities they can use

to cause infection

Secondary infection

Malware can open the door to more malware, allowing attackers to

achieve more via a single infection

Software vulnerabilities

Ransomware can use unpatched software to

spread through a network –and some forms (known as worms)

can do so independently of user activity

Messaging platforms

Many businesses use these tools without

the knowledge of the IT department, leaving

them unprotected

What’s at stake?SMEs typically suffer at least two days of downtime if attacked10

This has helped drive the average total cost of an attack up to $99,00011

10. Intermedia 2016 Crypto-Ransomware Report11. KasperskyLabs and B2B International Survey

More than moneyAs well as the financial costs of responding to an attack, a data breach can do huge amount of ongoing reputational damage (and may lead to legal liabilities)

12. Kaspersky Security Bulletin 2016

67% of corporate victims lose all or part of their data after an attack¹²

To pay or not to pay?As criminals invest more energy in targeted attacks, they’re seeking greater rewards

During 2016, ransoms rose 266%13

Almost half of those who pay never retrieve their data and evidence suggests doing so can lead to repeat attacks

Fewer than 1 in 4 attacks are reported14, these figures may be far worse

13. Symantec Internet Security Threat Report 201714. Norton Cyber Security Insights Report 2016

What to do if you’re hitPaying cybercriminals encourages them to keep developing their weapons

Organisations such as nomoreransom.com (set up jointly by law enforcement and security companies, including Europol, Kaspersky Labs and Intel Security) help businesses recover data by other means

How to protect your businessOne of the best defences is to train your staff to:

Never click on links in an email unless you’re absolutely certain the

email is genuine

Be wary of email attachments that advise enabling macros to view

the content

Reply to a sender’s email using an address

copied directly from the corporate address book,

not the reply button

Delete suspicious looking emails, especially those

with links and attachments

www?REPLY

www?REPLY

www?REPLY

www?REPLY

Good technical housekeepingTaking small, regular steps to protect yourself can significantly reduce your vulnerability. Organisations should:

Only install apps on mobile devices from trusted

sources and pay close attention to permissions

requested by apps

Keep operating systems and software

updated with the latest patches

Enforce an effective password policy for all employees to ensure

passwords are strong and changed regularly

Keep security software up-to-date to protect

against new ransomware variants

If you have your data, they have nothing

Ransomware rarely involves data being ‘stolen’. It’s usually

just unreadable

Backing up data is therefore the single

most important precaution you

can take

Multi-generational back up is by far

the safest option

Ransomware variantsLooking aheadThe ransomware threat is only going to grow. We expect to see a rise in: Well-planned, targeted attacks

Threats affecting mobile and smart devices

Attacks using IoT networks to affect industrial control systems

Ransomware used with other types of attack (for example, cybercriminals who steal data may also encrypt it)

Patch your software to keep it current and protected from recently discovered vulnerabilities

ConclusionYou can’t avoid becoming the target of a ransomware attack, but you can ensure you’re not a soft one.

These four basic steps will help to keep your business safe

Back up, back up, back up. And back up again

Use email security, properly configured network protection, and threat-defence or anti-virus software on all your endpoints, including servers laptops and mobile devices

Promote user awareness around the dangers of phishing attacks

Want to talk about cyber security?

Contact your Account ManagerPhone +44-1635-813615Email cybersecurity@vodafone.com

www.vodafone.com/business/security

vodafone.com/businessVodafone Group 2017. This document is issued by Vodafone in confidence and is not to be reproduced in whole or in part without the express, prior written permission of Vodafone. Vodafone and the Vodafone logos are trademarks of the Vodafone Group. Other product and company names mentioned herein may be the trademark of their respective owners. The information contained in this publication is correct at the time of going to print. Any reliance on the information shall be at the recipient’s risk. No member of the Vodafone Group shall have any liability in respect of the use made of the information. The information may be subject to change. Services may be modified, supplemented or withdrawn by Vodafone without prior notice. All services are subject to terms and conditions, copies of which may be provided on request.