Significant attention is being given in the news across the world to active and emerging cyber attacks. Alastair Broom takes a look at one of those, ransomware, to ask what it is and how some organisations are dealing with it.
Dip into tech headlines across the world and it is clear that cyber attacks are evolving. They’re becoming more prevalent, more impactful and harder to stop.
And CIOs are painfully aware of that. In the Logicalis CIO Survey 2016, more than three-quarters (78%) of the 706 CIOs surveyed cited security as their biggest challenge. Among those security challenges, more than half (56%) said ransomware and corporate extortion will pose a significant risk to businesses over the next 12 months.
So what do CxOs need to know about ransomware?
What is ransomware?
The methods of delivery vary, but malware is a common vector. However the malicious payload is delivered, the net result is that your systems may be rendered inoperable or your business-critical data encrypted and inaccessible unless you pay a ransom.
What’s really worrying is the availability of software to allow people to perpetrate these attacks. Nearly anyone can go out and purchase a ransomware attack via black markets.
For example, the Neutrino Exploit Kit - a sophisticated and popular piece of ransomware - is available ‘as a service’. Anyone, including non-technical people, with a grudge or appetite for destruction can obtain it via underground black markets. (If you are morbidly curious how much these things cost, recent reports indicate that the current going rate for the Neutrino Exploit Kit is about $7,000.)
What happens when you are attacked with ransomware?
Many organisations end up paying the ransom, simply because it’s the easiest thing to do. Obviously this is ethically challenging: there is no guarantee that the cyber-criminals will actually reinstate your systems or decrypt your data, or that you won’t be attacked again, either by the same party or a different one.
Others choose to recover using a full system backup. This is probably the quickest way to bring your system back online, but it doesn’t address the fact that the malware may have spread laterally, nor does it help you understand how you were infiltrated in the first place.
In many cases these organisations end up playing an unpleasant and high-stakes version of Whack-a-Mole: uncovering and rectifying infections as they continue to pop up on different systems.
Then there’s the nuclear option: erase and start from scratch. From a technological standpoint, this is executable, but what about the business? In some scenarios it might mean bringing a business-critical system down for a considerable length of time, and that’s to say nothing of the costs of the recovery itself. In any case, although the system may be back up and running, the underlying data may be lost forever.
How to prevent ransomware?
The easiest way to deal with ransomware is to stop attempts to infiltrate your system. But more importantly, you need processes in place to assess your risks, costs and incident response in the event of a successful attack.
One solution is to implement malware security strategies such as the “Umbrella” solution from Cisco. Cisco Umbrella incorporates technology that can filter out malware and malicious connection attempts in the cloud, before they even reach your network. The solution also includes software on the corporate network (Cisco Advanced Malware Protection [AMP]) that can identify and automatically remediate malware that has managed to infiltrate traditional perimeter defences.
According to the Cisco 2016 Midyear Cybersecurity Report, Cisco AMP boasts an approximate malware detection time of 13 hours. With 1.5 million malware samples analysed by Cisco experts every day, it’s always up to date, which is critical in the chaotic and rapid-fire world of cyber attacks. Cisco Umbrella can prevent up to 95% of ransomware attacks by stopping malware from reaching the corporate network and blocking the command and control channels used by the malware authors.
Whether you use Cisco on your own or with an experienced partner, it’s important to start selecting solutions, identifying priorities and building your IT defences to stop ransomware. In the end, you need to ensure your organisation is ready to make smart decisions if you find yourself in the unfortunate position of having to deal with a ransomware attack.