One of the more disconcerting developments in the malware world over the past few years, for both individuals and enterprises, is ransomware. Ransomware is a type of malware that locks files on an infected computer with a cryptographic key and demands that the user pay the people running the attack, via cash voucher, in order to unlock the files on the drive. The element of extortion makes a ransomware attack feel even more invasive than a standard computer virus. It goes beyond just having a computer destroyed or even having data stolen. Being extorted feels personal.
Early this year, The Atlantic reported that a major hospital in Los Angeles was struck with a piece of ransomware that encrypted the hospital’s patient data, essentially shutting down the hospital’s electronic healthcare records system, and demanded a $3.6 million ransom paid in bitcoin. Then Time.com reported in March that Mac users, long thought to be safe from the more common and pernicious threats of the malware world that regularly plague PC users, were hit with their first dose of ransomware.
It’s clear that in 2016, ransomware is finding its way into bigger enterprises and new platforms. Both the security industry and the FBI are racing to try to get a handle on the threat. For enterprises, digital threat intelligence could be key in fighting the spike in this particularly invasive and demoralizing cybersecurity threat. Here we’ll explore how.
What Is Threat Intelligence?
Threat intelligence consists of gathering and aggregating information from security solutions, news feeds, and other sources in order to better understand proliferating cybersecurity threats, and then using that information to take action against them.
A Tool to Fight a New Kind of Threat
The news of ransomware appearing in hospitals offers a prime example of how threat intelligence is a valuable tool for stopping ransomware outbreaks. Hackers have discovered that encrypting the data of healthcare providers is a lucrative proposition. Providers can be multi-million-dollar operations that absolutely cannot function without their patient data. So they’re a target with a big potential payout, and they have an incentive to pony up the cash.
Threat intelligence that aggregates information about the healthcare space, the regions where healthcare enterprises are being targeted, and the particular types of phishing attacks used by ransomware targeting hospitals can keep both IT staff and end users on heightened alert for incoming ransomware scams. It can also allow providers to be proactive in setting up solutions that will both recognize and block ransomware links or attachments.
Additionally, it can inform usage policies that disallow behaviors that could lead to a specific threat hitting the network. For instance, if threat intelligence indicates a certain kind of ransomware is being brought into enterprises on mobile devices, hospital IT can limit mobile-phone usage until the threat has subsided or been controlled.
Threat Intelligence for the Present and the Internet of Things–Enabled Future
Researchers have recently demonstrated proof of concept for ransomware infecting devices beyond traditional laptops, desktops, and even smartphones. Smartwatches and smart televisions have been shown to be potentially susceptible to ransomware. So as the Internet of Things continues to gather momentum and more devices, in the home and in the office, are constantly connected via Wi-Fi, we may see ransomware become an even more pervasive problem than it already is. Some suspect that it won’t be long before we see people’s smart refrigerators and other vital portions of the smart home locked and ransomed.
The more wired the world is, the more opportunities hackers will have to shake people down with ransomware. Using threat intelligence to stay on top of where the threats are proliferating could go a long way toward keeping individuals and enterprises safe in an era of high-tech extortion.
How have you seen threat intelligence used in order to fight ransomware?