The year 2016 has come to an end, and you are probably looking ahead to 2017 and making New Year’s resolutions. Here is a nice one: protecting your company against ransomware, the latest cybersecurity threat. One with a perfect business model. One that is spreading like the flu.
What’s this all about, that ransomware thing? Well, it’s the newest kid on the block in cybercrime and it saw a huge boost in 2016. Ransomware, a kind of computer virus, will lock your computer, or even your complete IT system, by encrypting ALL data. You will need a key to decrypt the data and to be able to access it again. To be able to start working again. And there’s the (bad) genius of ransomware: the ransom you need to pay is quite reasonable… So most companies do pay: it’s cheaper than being out of business for a day, or for a week.
Some facts about ransomware
IBM Security recently published a study about ransomware. Here are some – astonishing – facts:
- The ‘turnover’ of ransomware will probably hit 1 billion US $ in 2016… That’s 1 000 000 000 dollars.
- Ransomware this year increased 6.000% compared to 2015
- Nearly 40% of all spam emails contain ransomware
- 70% of the executives who were victims of ransomware paid the ransom. 50% paid over 10.000 US $, 20% paid over 40.000 US $…
10 days before complete recovery
One of the first ransomware attacks that got covered by the media was the attack on the Hollywood Presbyterian Medical Center. The attack started on the evening of the 5th of February 2016, and it took until the 15th of February before the electronic medical record system was completely restored, even after the ransom of 40 Bitcoins (17.000 US $) had been paid.
During that period, the hospital had to rely on handwritten reports and faxes for communication… And according to some reports, medical procedures like CT-scans could not be carried out, patients were transferred to other hospitals. You can read the story here and here. Wired wrote an interesting article about it.
The perfect business model…
What is interesting about ransomware is its business model, which is kind of perfect… Once the attackers have hacked your system, your entire production, they charge you a ‘reasonable fee’ to unlock everything again. From a business perspective, that cost is marginal compared to being out of business for a day, or more. Or compared to the cost of starting from scratch. So many businesses are inclined to pay the ransom, which was demonstrated in the study by IBM. As long as the ransom is not too high, executives will pay.
How to prevent an attack?
There are a few things you can do to prevent a ransomware attack. The first and most important one is creating awareness in your company. Tell everybody the story of the hospital that was hit… These kinds of stories resonate.
And then there are some practical things:
- Always be vigilant, certainly with e-mails that are too good to be true or just conspicuous, and with e-mails with attachments
- Backup your data, and do this very frequently and consistently. And make sure you have a backup that is not a part of your network, otherwise the backup could also be hit by the ransomware. Make a backup that is offline or even offsite, e.g. on removable media and keep the latest version in a secure place
- Disable macros in your office software, they are regularly involved in attacks
- Update your software, make sure that you use the latest versions of the OS, of the application software
- Invest in security software.
It happened, now what?
In case you were hit by ransomware, first check if antiransomware tools can help you, e.g. NoMoreRansom.org, Kaspersky, TrendMicro, McAfee. Here are two additional links with a lot of tools: one and two. And today a new freeware was launched: RansomFree.
If they can’t help you, you need to check with specialists, who can check whether your data can be recovered, whether backups are infected or not. If they can’t help you, you either have to pay, or to start from scratch…
The choice is yours…
So what are you going to do? Are you going to invest time and money in awareness and (legitimate) tools to prevent being hacked? Or are you going to take the risk and just pay criminals a reasonable price once you are hit with ransomware? The choice is yours.
UPDATE 21/12/2016: The past few days multiple new articles were published about this topic. Here are two that are really worthwhile reading. The first is by PC World and gives a really good overview. One of the interesting – and also terrifying – points in the article is that ransomware is shifting focus to small and mid-sized companies… because these kinds of companies are more willing to pay a higher ransom. The second comes from O’Reilly and focuses on whether or not you should pay the ransom.
UPDATE 22/12/2016: During lunch I had a drink with a friend of mine. When I mentioned ransomware, he told me that they recently got hit by an attack. The e-mail message they got looked very legitimate. But when the Word document attached was opened, the encryption started… Fortunately, they immediately disconnected the computer from the rest of the network, preventing the ransomware from spreading. And they also had a good backup, so the complete computer (except some personal files) was restored. But it shows ransomware is real. And it is spreading amongst businesses.
UPDATE 04/01/2017: A short update with two interesting articles. The first is the first documented ransomware on an Android-based TV set! Yes, your TV can be hacked… And the second is about a rather interesting and nice new ransomware, which will decrypt your files after reading two educational articles about ransomware…
UPDATE 10/01/2017: Today two new articles appeared, with disturbing news. It seems that a lot of people were hit by the ‘Merry Christmas’ ransomware (read the article). And even more disturbing: a school in Los Angeles (USA) paid 28.000 US $ to cyberattackers, after security experts advised them to pay the ransom… (read the article)
UPDATE 30/01/2017: Another ‘interesting’ case of ransomware: a 4-star hotel in Austria was hacked and the electronic key system was blocked, meaning that guests could not enter their rooms… According to the management multiple other hotels have also been hit by the same ransomware. Their solution – after paying the ransom – is to go back to physical keys in the future…
UPDATE 02/02/2017: According to this article, 1 in 3 UK NHS providers have been hit by a ransomware attack over the last 18 months…
UPDATE 16/02/2017: two interesting articles were published today. The first is about the 7 security threats that scare experts the most, and yes, ransomware is the number one. The second is the CEO of Sophos, a leading computer security company, sounding the alarm on ransomware…
UPDATE 23/02/2017: also macOS is targeted by ransomware, as shown in this article.
UPDATE 13/03/2017: here is another good overview how to prevent attacks and what to do when you are hit by a ransomware attack.
UPDATE 29/03/2017: it seems there is a new kind of ransomware, one that works with self-extracting DropBox files… Which makes it harder to spot.
UPDATE 31/03/2017: and another new type of ransomware, one that makes use of ads in Skype.
UPDATE 27/04/2017: according to a new report by Symantec, 1 in every 131 mails contains a malicious link or attachment… And the average ransom is now above 1000 US $.
UPDATE 13/05/2017: ransomware is getting very real and very scary: today a ransomware attack affected no less than 25 hospitals in England and 4 surgeries in Scotland. And there were similar attacks reported by Spanish utility firms, and in the US, China, Russia, Italy, Vietnam and Taiwan… You can read the whole and at this moment still developing story at the BBC website.
UPDATE 13/05/2017: this is the second update in just over half an hour… CNN reports that according to Kaspersky Labs no less than 74 countries have been hit by this attack!
UPDATE 14/05/2017: the total number of IP addresses (not computers!) has grown to over 220 000, in at least 150 countries around the world. I’ve created a new article on this specific attack.
UPDATE 22/05/2017: a new article by CNET contains a terrifying fact, 6 out of 10 small businesses who get hit by ransomware are out of business within 6 months…
UPDATE 30/03/2018: here is a good overview of ransomware and – more importantly – what you can do about it, with screenshots of settings of all kinds of operating systems. A recommended resource!