Home >> Insights  >>

WannaCry Is Part Of A Bigger Problem

by Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet April-2018

When a cyber threat grows in magnitude by 35 times in one year, every organization should pay heed. This is exactly what has happened with ransomware. Hacktivists targeted organizations around the world representing myriad industry segments and businesses of virtually every size in the recent WannaCry attacks. Ransomware-as-a-service and affiliate models have lowered the entry bar for cybercriminals. And monetary technologies like bitcoin make it virtually impossible for law enforcement authorities to track ransom payments. With the exponential growth in ransom paid to ransomware hacktivists, the prospect that this will continue—and at a faster rate—in coming years is great. Recognizing the growing threat, banks overseas are stocking up on bitcoin so that their customers (and themselves) can quickly pay cybercriminals to unlock hacked data. The financial impact to organizations is much larger than just the ransom being paid to cybercriminals. Downtime translates into thousands and often hundreds of thousands of dollars in lost revenue and productivity. Organizations across multiple industry sectors can attest to these implications.

Scope Of the Threat

Data is at the heart of most organizations today—from small businesses to large enterprises. Digitization of more and more company assets, in addition to the growing importance of the cloud, puts data in the crosshairs of cybercriminals. It is becoming a much bigger problem today, with data growing at a rate of more than double every two years. Recognizing the value of data, cybercriminals are increasingly turning to ransomware as a means of monetization. They infiltrate IT systems and access data through various hacks, encrypting, locking, and exfiltrating files. Unable to access information that is critical to their businesses, hacked organizations are forced to pay for the information to be released by the cybercriminals. The sophistication of many of these efforts has evolved to the point where cybercriminals provide their victims with live customer support that walks them through the processes to remit payment as well as regain access to their data and IT systems.

Ransomware Attacks Skyrocket

So how serious is the threat of ransomware? Last year, ransomware attacks more than doubled. Upwards of 4,000 ransomware attacks happen daily, infecting an average of between 30,000 and 50,000 devices monthly. And the potential for additional growth is huge. Even with this rate of increase, ransomware only comprises two percent of total malware attacks today. The financial repercussions of ransomware has skyrocketed as well. Consider the following. In 2015, a total of $24 million in ransom was paid out; in 2016, that number shot up to more than $850 million. The amount being demanded by cybercriminals is following a parallel path: the average demand for every attack jumped from $294 in 2015 to $679 in 2016. But the biggest impact of ransomware is not in the ransoms being paid. Sixty-three percent of organizations that experienced a ransomware attack in the past year indicate it led to business-threatening downtime. Another 48 percent report it resulted in the loss of data or hardware. And for those organizations that pay a ransom in exchange for being able to recover their data (42 percent admit they paid the ransom), one in four never recovered the data. This is why the security experts recommend victims to not pay ransoms.

Just the Tip Of the Iceberg

Yet these numbers are likely not a true representation of the extent of the problem. Ransomware attacks are vastly underreported, with fewer than one in four incidents being reported. Over half of businesses admit they experienced a ransomware attack sometime during the past year. Thirty-four percent of them lost money, and 20 percent were forced to shut down their business! When these factoids are factored into consideration, the financial impact is alarming. But it gets worse: 3.5 percent indicated lives were put at risk as a result of the effects of the ransomware attack. For organizations thinking they are too small to be a target for ransomware attacks from cybercriminals, think again! Often lacking a dedicated in-house IT expert and managing IT systems lacking the necessary controls, small businesses aren’t immune to ransomware attacks. Indeed, operating without the proper data protections in place to defend against, prepare for, and recover from ransomware, these businesses are quickly becoming a prime ransomware target for cybercriminals.

Nearly every industry sector and organization size is affected by ransomware. Manufacturing tops the list when it comes to percentage of total ransomware per industry (16 percent). The utilities and energy sector is a close second (15.4 percent), with technology, professional services, retail, healthcare, financial services, and legal with a substantial share. Several reports tag professional services as an area where there has been the fastest growth in ransomware attacks.

With cybercriminals reaping a 35-fold increase in their earnings from ransomware attacks in 2016, the frequency and sophistication of the attacks will most assuredly increase in velocity and scope. Organizations will do well to heed the following takeaways as ransomware evolves and mutates into an ever-increasing threat to organizations of virtually every shape and size:

1. Stop Known Threats: Seek out a cybersecurity solution that stops known ransomware threats across all attack vectors. This requires a layered security model that includes network, endpoint, application, and data center controls powered by proactive global threat intelligence.

2. Detect New Threats: As existing ransomware is constantly morphing and new ransomware is being released, it is important to institute the right sandbox and other advanced detection techniques to pinpoint the variants across those same vectors.

3. Mitigate the Unseen: Real-time actionable intelligence must be shared between the different security layers (and generally vendor products) and even extended to the broader cybersecurity community outside of your organization such as Computer Emergency Response Teams (CERTs), Information Sharing and Analysis Centers (ISACs), and industry coalitions like the Cyber Threat Alliance. This rapid sharing is the best way to respond quickly to attacks and break the kill chain before it mutates or spreads to other systems or organizations.

4. Prepare for the Unexpected: Segmentation of network security helps protect against ransomware wormlike behaviour such as that of SamSam and ZCryptor. Data backup and recovery is just as important. Organizations that have recent data backups are able to spurn demands for a ransom and quickly and easily recover their systems.

5. Back Up Critical Systems and Data: Although it can be a time-consuming process to restore an encrypted system, as well as an interruption to business operations and a drain on productivity, restoring a backup is a far better option than being held hostage with no guarantee that your ransom payment will result in your data and systems being unlocked and restored. In this case, you need the right technology, processes, and even business partner to ensure your data backups meet business requirements and their recovery can be done expeditiously.

The disruption that ransomware can cause is not insignificant – WannaCry will, indeed, be a painful experience. Only by harnessing all their cyber defence resources in a coordinated way can firms effectively fight massive cyberattacks like WannaCry. Though no solution is fool proof, implementing best practices can go a long way in minimizing future tears.