Ransomware: Insight into the rise of an illicit industry · You can’t avoid becoming the target...
A growing threat
The WannaCry and Petya attacks in May and June 2017 hit almost 100 countries, propelling ransomware into the news.
But these weapons have been around for years, and are proliferating at an alarming rate…
The defence gap
2016 saw a 400% spike in the number of ransomware families.
They’re expected to increase a further 25% in 2017¹
But only 4% of businesses say they’re ready to deal with an attack²
1. Trend Micro: The Next Tier 8 Security Predictions for 2017
2. Malwarebytes ‘State of Ransomware’ Reports
What is ransomware?
Ransomware encrypts a victim’s data, which is only decrypted when a ransom is paid
But only 47% of victims who pay get their data decrypted³
3. Norton Cyber Security Insights Report 2016
Organized chaos and the birth of VX
Inspired by UX (user experience) best practice, some cybercriminals encourage payment by making the ‘victim experience’ as smooth as possible. This includes:
• Running call centres to facilitate payments
• Using professionally designed instructions in multiple languages
• Using geolocation to match their actions to different victims
Who is at risk?
69% of attacks recorded in 2016 were aimed at consumers⁴
However, a fifth of all businesses have suffered an IT security incident as a result of ransomware⁵
Corporates are attacked by ransomware once every 40 seconds⁶
4. Symantec Internet Security Threat Report 2017
5. Kaspersky Security Bulletin 2016
6. Kaspersky Security Bulletin 2016
It’s not all about the big guys
Though corporates may seem like the richest targets, evidence suggests SMEs are becoming the preferred prey
At least 42% of SMEs have already been hit by ransomware⁷
7. Kaspersky Security Bulletin 2016
How does it work?
While widely-available and free (open-source) tools are being used to exploit the vulnerabilities of specific victims, most attacks are still indiscriminate
80% of successful ransomware attacks use email as a first step⁸
8. SentinelOne Ransomware Report 2016
Deceptively simple
Why is the humble phishing email still so popular? The answer is human error.
It makes even the best cybersecurity systems vulnerable. And dangerous emails can be harder to spot than you might think…
The three F’s
While ‘spear-phishing’ and ‘whaling’ attacks use personal information to appear credible, un-targeted messages use stealth
• Financial: Invoices, orders and payment notifications
• Functional: Messages from a device like a printer or scanner
• Failure: 10% of major scam campaigns have some sort of delivery failure message in the subject line⁹
9. Symantec Internet Security Threat Report 2017
Other ways in
While email is still the most common, there’s a growing trend towards more refined methods – especially as attackers focus on specific organisations. They include:
• Exploit kits: Kits scan machines for vulnerabilities they can use to cause infection
• Secondary infection: Malware can open the door to more malware, allowing attackers to achieve more via a single infection
• Software vulnerabilities: Ransomware can use unpatched software to spread through a network – and some forms (known as worms) can do so independently of user activity
• Messaging platforms: Many businesses use these tools without the knowledge of the IT department, leaving them unprotected
What’s at stake?
SMEs typically suffer at least two days of downtime if attacked¹⁰
This has helped drive the average total cost of an attack up to $99,000¹¹
10. Intermedia 2016 Crypto-Ransomware Report
11. Kaspersky Labs and B2B International Survey
More than money
As well as the financial costs of responding to an attack, a data breach can do a huge amount of ongoing reputational damage (and may lead to legal liabilities)
67% of corporate victims lose all or part of their data after an attack¹²
12. Kaspersky Security Bulletin 2016
To pay or not to pay?
As criminals invest more energy in targeted attacks, they’re seeking greater rewards
During 2016, ransoms rose 266%¹³
Almost half of those who pay never retrieve their data, and evidence suggests paying can lead to repeat attacks
Fewer than 1 in 4 attacks are reported¹⁴, so these figures may be far worse
13. Symantec Internet Security Threat Report 2017
14. Norton Cyber Security Insights Report 2016
What to do if you’re hit
Paying cybercriminals encourages them to keep developing their weapons
Organisations such as nomoreransom.com (set up jointly by law enforcement and security companies, including Europol, Kaspersky Labs and Intel Security) help businesses recover data by other means
How to protect your business
One of the best defences is to train your staff to:
• Never click on links in an email unless you’re absolutely certain the email is genuine
• Be wary of email attachments that advise enabling macros to view the content
• Reply to a sender’s email using an address copied directly from the corporate address book, not the reply button
• Delete suspicious looking emails, especially those with links and attachments
Good technical housekeeping
Taking small, regular steps to protect yourself can significantly reduce your vulnerability. Organisations should:
• Only install apps on mobile devices from trusted sources and pay close attention to permissions requested by apps
• Keep operating systems and software updated with the latest patches
• Enforce an effective password policy for all employees to ensure passwords are strong and changed regularly
• Keep security software up-to-date to protect against new ransomware variants
If you have your data, they have nothing
Ransomware rarely involves data being ‘stolen’. It’s usually just unreadable
Backing up data is therefore the single most important precaution you can take
Multi-generational back up is by far the safest option
Looking ahead
The ransomware threat is only going to grow. We expect to see a rise in:
• Well-planned, targeted attacks
• Threats affecting mobile and smart devices
• Attacks using IoT networks to affect industrial control systems
• Ransomware used with other types of attack (for example, cybercriminals who steal data may also encrypt it)
Conclusion
You can’t avoid becoming the target of a ransomware attack, but you can ensure you’re not a soft one.
These four basic steps will help to keep your business safe
• Back up, back up, back up. And back up again
• Use email security, properly configured network protection, and threat-defence or anti-virus software on all your endpoints, including servers, laptops and mobile devices
• Promote user awareness around the dangers of phishing attacks
• Patch your software to keep it current and protected from recently discovered vulnerabilities
Vodafone Group 2017.