Ransomware-as-a-Service: Risks to Business and Measures for Protection
Written by Dilip N
Ransomware-as-a-Service’s (RaaS) ease of access and deployment allows it to flood the market with higher volumes of ransomware, greatly increasing an organization’s threat potential. The success of these platforms and the growing demand is driving ransomware authors to develop new distinct ransomware offerings to the market. This growth in offerings along with the broad customization options these platforms provide means that companies are facing a ransomware assault – not just in terms of volume, but in variety. It is practically very hard for conventional definition-based security software packages to keep up and protect against every permutation.
Unlike other types of attacks, such as credit card breaches that often target customers and retailers, ransomware attackers do not seem to have a preference when choosing victims. The truth is that everybody is at risk, but certain companies and industries are more attractive to hackers than others. Healthcare organizations such as hospitals are particularly vulnerable to the high value of patient data. When hackers lock up historical medical data, the organization will be unable to provide crucial medical services and thus, are more likely to pay a ransom to recover the stolen data. Government institutions are also top targets due to the availability of high sensitive data, particularly data that relates to critical infrastructure, such as oil and gas, electricity, and transportation. Similarly, the value of legal data which could embarrass or incriminate clients, puts law firms at risk. Financial sector is the most obvious target due to high volume of transactions that occur on banks’ networks. Other industries which are more likely to be a target are mechanical and industrial engineering, real estate, and business & professional services.
Even if one chooses not to pay the ransom, the costs of ransomware mounts quickly, but it is not the ransom itself that’s the killer – it is the downtime. About one in six ransomware attacks result in greater than 25 hours of downtime, with some companies reporting interruption lasting more than 100 hours. Unable to provide support, make sales, or talk to prospects, it is easy to see how RaaS can indirectly cost small and midsized businesses tens of thousands of dollars in revenue.
When ‘Lansing Board of Water & Light’ faced a ransomware attack in April 2016, it payed US$25,000 in ransom. However, after recovering from the attack, administrators revealed the total cost to be US$2.4 M. Ransomware attacks need the immediate response of a cyber security team to find and stop the attack, restore the infected systems, and install adequate measures against future attacks, all of which can be expensive.
How to Protect Organizations from Ransomware Attacks
Conventional anti-virus software packages can only protect organizations or individuals against known threats. Each new type of ransomware becomes a new unknown that needs to be identified and analyzed before it is blocked. The bad news is – the only way that happens is if someone gets infected first. However, while it may sound like the odds are stacked, there are various ways to fight ransomware.
- Employee Training: Protecting an organization from RaaS starts from educating its employees. Most ransomware is forwarded via phishing emails, so training employees to be cautious of unknown attachments and suspicious messages, and ensuring they follow safety practices when browsing the web can be the crucial first line of defense.
- Antivirus That Uses Behavioral Blocking: New RaaS variants are being released at such a rapid rate that it is impossbile for antivirus products that rely purely on a signature database to detect them. As such, it is important to use IT security software incorporating behavioral blocking technology into the defense mechanisms, as they are able to stop even newly-created ransomware that has never been seen before.
- Upgrading Security: A proactive approach to ransomware is simple internet hygiene and by making sure that all the softwares are licensed, official, and updated along with regular scans. Emails being the most prevalent gateway for infections, it is desirable to implement profound spam filtering and blocking access to unreliable websites.
- Patch Early, Patch Often: Malwares which do not come via document macros often rely on security bugs in applications, including Office, Flash, browsers, and more. The sooner one patches, the fewer open holes remain for the hackers to exploit.
As more cybercriminals demand pay-outs using ransomware, this type of crime will evolve and expand. But by adequately educating all the stakeholders about the guises of ransomware and building secure defenses, organizations and individuals can save their data from becoming one of 2018’s hostages.
For more insights/updates on cybersecurity risks, check out Supply Wisdom Alerts. Take a free trial to see how we can help you stay up-to-date on latest trends and be more proactive about monitoring and managing risks across your global locations and suppliers.