In the summer of 2015, ransomware seemed to have slid off the cybersecurity radar a bit. The spate of APT (advanced persistent threat) attacks revealed to have struck U.S. government targets and compromised massive amounts of data was grabbing headlines. The hack of adult website Ashley Madison demonstrated how personal, and personally damaging, cybersecurity incidents can be for individual citizens in an era where we conduct the most private parts of our lives online. And the rash of healthcare cloud hacks showed that the vaunted cloud was hardly impervious to digital security threats.
These attacks, despite their differing targets, were similar in one way—they targeted major enterprises and were orchestrated with quite clear intent. On the other hand, we tend to think of ransomware as being something that afflicts individuals on a fairly random basis, based more on their bad luck or lack of a malware scanner than on any type of intentional targeting. Plus, by the time 2015’s high-profile hacks hit the news, the original CryptoLocker botnet had been shut down—and with it, one of the biggest names in that wave of ransomware was no longer a threat.
Now, late in 2016, this brings us to a question: Given how other forms of cyber attacks have taken precedence in the public eye, just how much of a digital security threat is ransomware really?
The answer is, it might be the biggest one. According to an article on ITWire.com, Kaspersky Labs released statistics that indicate ransomware isn’t just still floating around out there, but that ransomware attacks have been markedly increasing since the end of 2015, spiking 17.7 percent between April 2015 and March 2016. Kaspersky posits that there will be a third big wave of ransomware, and for businesses, it could be far more severe than earlier waves.
Why Enterprise Won’t Duck the Next Wave of Ransomware
The classic case of ransomware infection is that of the individual home end user getting burned. Someone receives a phishing email or downloads a file and finds that their files have been encrypted. They are greeted with a pop-up message indicating that they can only access their files by entering their credit card information and paying off a ransom. It’s an invasive and destabilizing situation to experience. But it impacts only the single unlucky individual and their personal computer.
This, however, is not necessarily how it works anymore.
Recent ransomware attacks on the healthcare industry can give us some insight into the new face of malware. In August, ZDNet reported what it called a massive ransomware campaign aimed specifically at healthcare targets, using Microsoft Word macro-enabled documents to install the malware.
The new method of delivery is quite unsettling, but the target is also significant. Rather than just letting ransomware fall where it may and bilking unlucky end users, those who profit from ransomware are targeting specific enterprises. Hospital servers house a tremendous amount of very valuable patient data—data that those hospitals need to use every day in the course of doing business. Hackers have begun to understand this. They know that when they encrypt these data, they’re likely to be able to exact a great deal of money from the hospital, and that hospitals don’t necessarily have the time—or the resources—to try decrypting the files themselves, or the leeway to risk destroying them in the process.
Given how much more profitable such a model is for criminals, it seems inevitable that as the next wave of ransomware ramps up, more businesses that depend heavily on data and work in spaces with a lot of money will be targeted.
Helping Your Clients Weather the Next Wave
With hackers aiming ransomware at high-ticket targets and using more creative, previously unseen distribution methods, it’s going to be critical to be on high alert. As with other emerging threats, a combination of threat intelligence, system monitoring, and end-user education will be the way to keep ransomware out and prevent your clients from having to choose between paying up and going out of business.
How have you seen your clients defending against new ransomware attacks?