Ransomware was one of the most successful vectors for cyber attacks in 2016. Cyber security experts predict it will continue during 2017. What can businesses and private citizens do to keep themselves safe online?
“Ransomware is going to continue to be a major problem and, in fact, will probably get worse in 2017.” (USA Today, Jan. 3, 2017)
Anyone concerned about security who has just returned from a year’s sabbatical in the Himalayas may not have heard about ransomware. Everyone else knows that ransomware is a sophisticated denial of service attack. The victim opens an innocent-looking email attachment or clicks on a link, at which point the attached malware encrypts the victim’s files. The hacker then demands a ransom in exchange for (maybe) sending the encryption key to unlock the files.
2017 will see more attacks
The attacks will undoubtedly continue. Criminals go where the money is, and, according to this piece on Business Insider, an especially sophisticated ransomware strain has resulted in $325 million in ransom payments.
The ransomware business model
Ransomware has characteristics of legitimate business practices. Harriet Taylor, writing for CNBC.com, points out that the hackers’ “business plan” employs the following:
- Ransomware criminals go after “large markets with affluent customers.” Rather than lose valuable business files, the victims balance a moderate (and sometimes negotiable) ransom payment against the time and cost of restoring their system.
- The cyber criminals provide a product “with a clear value proposition.” The value is that returning the seized data “alleviates a particular pain point,” i.e., the stoppage of business.
- Like most successful entrepreneurs, ransomware hackers “act with agility and stealth.” They outwit their competitors, anti-malware software, through ever-changing tactics.
- They employ a “profit-sharing” strategy through a new twist known as Ransomware as a Service. Low-tech criminals subscribe to the service, entrap unwary victims, and give the original ransomware coders a cut of the take.
Cyber self-protection in 2017
The USA Today piece mentioned above has some sensible advice on what everyone can do in the new year to avoid having their data kidnapped as well as to be more secure in cyberspace:
- Employ the first line of defense by remaining suspicious of unfamiliar email links or attachments. Also be wary of innocent-looking online ads, which can be planted on the web and tainted with malware.
- Remember that ransomware targets individuals as well as businesses and public agencies. Everyone is at risk.
- Institute strong password practices; e.g., dual authentication, letter-number-symbol combinations, passphrases, etc.
- Always back up everything regularly on an offline, external hard drive. For extra insurance, invest in secure cloud backup services.
Businesses need to go a few steps further
The Department of Homeland Security also recommends a “commitment to cyber hygiene” along with best practices for protecting enterprise networks. In addition to backups, these methods include:
- a cybersecurity risk analysis for the organization
- staff training on cyber security
- patching vulnerable system software
- allowing only approved programs to run on the network
- a realistic and tested incident response plan
- an efficient and compliant business continuity plan
- testing the system by periodically attempting to hack into it
Should victims pay the ransom?
It is entirely up to the victim to decide whether paying the ransom is preferable to continuing the “pain” of business stoppage. However, the Department of Homeland Security cites “serious risks” to consider before paying a ransom demand:
- Payment of the ransom is no guarantee that the criminal will give back the data.
- Victims can be re-targeted after paying the first demand.
- Paying the initial demand could result in a demand for an increased ransom.
- Ransom payments encourage the continuation of the ransomware business model.