Why businesses urgently need better ransomware protection in 2017

If you haven’t encountered it yet, you’ve heard about it: Ransomware is a type of malicious software designed to encrypt the data or block access to a computer system until a demanded sum of money is paid online. Traditionally, most ransomware thrived on unspoken trust between the cybercrime victim and the hacker, based on the assumption that the attacker will deliver on the promise of the data being released after the money is paid. To this day, most of the cybercriminals around the world have demonstrated a surprising discipline in fulfilling this promise, coupled with a relatively small amount of money that was used to be demanded: just a few hundred dollars for an average home-based consumer.

If you had ever been through a ransomware attack, you most likely had 2 outcomes: you either had a good backup of your data and you had your IT professionals restore your system, or you ended up paying up the ransom to get back to a status quo.

Ransomware world is changing

As the popularity of the ransomware in the cyberworld keeps growing, less “professional” hackers come to play that have different personal standards or the lack of experience to deliver the coding functionality to truly uphold the ransom return promise.

Here is a little recent history: in August 2015 Turkish coder Utku Sen released the source code for “Hidden Tear”, a tool with a purpose to educate general coding public and computer science students who want to understand how ransomware works, about a “ransomware-like file crypter sample which can be modified for specific purposes,” including professional testing against ransomware attacks. The released source code included a legal warning that said the tool should only be used for education, but as you may have guessed, cybercriminals don’t care about legalities.  cybercriminal ransomware hacking

The Hidden Tear source code was repeatedly reused by hackers to create a new version of file-encrypting ransomware to use for malicious purposes, including demanding ransom from the victims, as in the case of Ransom_Cryptear.B, designed by a Brazilian hacker to encrypt the system files to demand a $500 in return for a decryption key. Unintentionally, the author of Hidden Tear enabled malicious actors to reuse and modify the code to create a real, criminal ransomware.

So we can see a certain possibility of larger numbers of beginner hackers who are now enabled to practice and build-their-own ransomware, and it means more malicious code floating out there just waiting to be picked up by an unsuspected user.

Another threat is a possibility that beginner users may not have the skills to built proper recovery tools, potentially compromising your data. The fact that more and more actors enter the arena can also mean that some of them would not really care about upholding the previously existing “hacker standards” and would not bother to provide you with a decryption key or granting you access back to your system once they got their money.

Many IT security professionals predict a continued rise in ransomware attacks

2016 had seen some high-profile breach cases, notably including the systems of San Francisco’s light rail network — which avoided paying the demanded $73,000 ransom because its systems were backed up — and a Hollywood hospital — which was forced to pay $17,000 in bitcoin to retrieve its data.
Hackers target individual consumers as well. Almost 40 percent of consumers would be willing to pay more than $100 to get data back. Most ransomware fetches over $300 per victim, according to IBM.
Compared to 2015, 2016 have seen a  6,000% rise in ransomware attacks (according to a new study from IBM Security.)  Ransomware at large made the hackers a $1,000,000 – one billion dollars – last year, and being such lucrative money-maker for criminals it is only going to get bigger. 
  • 70% of business victims paid the hackers to get their data back, the study found.
  • Of those who paid, 50 percent paid more than $10,000 and 20 percent paid more than $40,000.
  • 40% of spam emails are infected with ransomware.

While some specialists predict ransomware hitting a plateau in 2017, hackers are expected to employ ransomware that’s harder to detect, leading to an increase in “malware-less ransomware”, which does not contain an executable code and relies purely on system-native tools like JavaScript to carry out the cyberattack, thus bypassing traditional detection mechanisms before executing. This types of attacks will be part of their efforts to target businesses, which is a more profitable way of extorting money than going after the average consumer.

Key takeaways on new ransomware threats of 2017

  • Ransomware is a money-making crime, and it is only going to get bigger.
  • New extortion schemes gain momentum, with expected growth in ransomware code families.
  • Ransom amounts will get substantially larger for businesses.
  • If you have no backup, you may never get your data back.

Basic tips on Ransomware Preparedness

Both businesses and home users should take steps to protect themselves from ransomware.

  • Disable Macros: Document and email macros are a common infection point and should be disabled by default.
  • Be Smart: Be cautious when opening email attachments and clicking on any links, even official-looking.
  • Patch and Protect: Maintain regular software updates for all devices, including operating systems and applications.
  • Purge: consider deleting applications you rarely or never use.
  • Guard your privacy: keep confidential data off your systems.
  • Backup Your Data: Plan and maintain regular backup routines. Ensure backups are secure, and not constantly connected or mapped to the live network. Test your backups regularly to verify their integrity and usability in case of emergency.
The most important thing businesses can do to protect their organization is to let their IT and security professionals do their job and protect mission-critical business elements and processes:
  • backup key systems and data;
  • regularly practice backup and restore procedures;
  • create and practice a disaster recovery plan;
  • implement programs for patch management;
  • harden business and user systems;
  • monitor security.

Does your SMB need reliable, expert Security, Data Backup and Disaster Recovery Services in New Jersey?

Call us (201) 4931414 to speak to our IT Security experts or Request a Consultation today. Let’s start a conversation to make sure your business continuity is secured.

Intelligent Business Continuity services from powersolution.com, a New Jersey local IT Security Consulting and Computer Network Support company include remote and on-site computer tech support, proactive monitoring, data backup and disaster recovery solutions, and other assets of Managed Services.


How is your state of IT? Call Us: (855) 551-7760 with any questions.