5 Things You Need to Know about Ransomware

Earlier this year, we mentioned ransomware as a trend to watch in 2017. While some experts believe it will hit a plateau this year, that doesn’t mean that it will be any less harmful to businesses and consumers alike.  Here are 6 things to know about ransomware:

1. Ransomware will be harder for you to detect

Bad actors know that targeting businesses is harder due to the safeguards most organizations have in place. However, this is also where the most valuable data is so these actors will be working harder than ever to remain undetected as they move about your system. In order to do this, attackers will be using legitimate tools such as Javascript and Powershell because they are much harder to detect. These behaviors will most likely fly under the radar of your typical detection systems. However, with a continuous and comprehensive monitoring solution, you will be able to see all activities across your organization and will be alerted when even the most legitimate tools are being used in opposition to your company policies.

2. More targeted attacks

While all bad actors are looking for the path of least resistance to your network, gone are the days that they will be launching large scale, multi-entry point attacks. In much the way that phishing has given way to spear-phishing, attackers are getting more specific on where, when, and how they go after your systems. The industry has referred to it as "whale-phishing" and it includes going after those executives or administrators with privileged access to your systems. Increased training by your staff will help to deter these attacks as well as a multi-factor authentication solution to ensure the right people are gaining access.

3. Increased Reputational Extortion

Just as attacks are becoming more targeted they are also becoming more public. Previously, cyber-attacks were not reported in major media unless they reached millions of records lost. However, attackers have learned from the reputational loss of companies such as Yahoo and Target, hence they are not only threatening organizations with the release of their data but with the exploitation of the breach in the news media to harm their reputation whether they pay the ransom or not.

4. The IoT. Again. 

Will there be a topic in 2017 that doesn't connect back to the Internet of Things? Not likely. While most experts do not see a risk or rise in the ransom of actual devices, these are additional endpoints to your network that are often not under the security umbrella. If you have devices connecting to your network, make sure you have a solution that is monitoring their traffic patterns to alert you when and if a device is communicating with a known bad actor. Catching them at an endpoint can save not only your device and it's applications but your network as a whole.

5. Pitting IT vs. Security Ops

We all know that the CISO is involved in purchasing new security solutions but what about the other areas of security he may not oversee? What about the new tablets the sales team needs or the new door locks that IT is adding to the server rooms? Pitting IT against the security ops teams develops too many cracks for bad actors to sneak through. Make sure that both organizations understand your cyber-security policies, critical business systems, back up plans and disaster recovery. With these policies in place and properly supported, you will not only detect ransomware faster but you will have a greater army to remediate and validate before critical data is lost.

Is this real?

Being breached is a truly terrifying thing, especially when you don't know what has been taken. If you do receive a ransom notice from a bad actor or you notice malware on your network the first thing to do is DON'T PANIC. If your SecOps and IT teams are properly aligned they will be able to not only locate but also assess the true damage of the malware and confirm whether this is a real attack that should be remediated or a ruse to get a scared executive team to pay up.

Cyber-ransom is the fastest growing type of attack on the market and if 2017 is anything like 2016 we should be prepared to continue to fight it. Being prepared is the first step but being cognizant of and continuously monitoring your solutions is the best step. Make sure that you are educating yourself and your team on these six tips to be one step ahead of the attackers.