According to a study by Osterman Research, Ransomware ranks as a top security issue facing mid-size organizations in the US, with 74 percent of companies stating they’re “concerned” about the issue. It’s understandable, as roughly 20 percent of companies hit with Ransomware were forced to cease business operations immediately, and 10 percent reported revenue losses.*
As business leaders scramble to tighten security systems, many are asking what’s behind this new surge in criminal activity. First, it’s important to remember that ransomware differs from other cybersecurity threats in that the attacker is trying to disrupt your business by encrypting company data files and/or taking down your website. A decryption key is promised once the ransom is paid (there is no guarantee it will actually be delivered, or that it will work), but for most midsize companies this direct hit on their ability to conduct business is of more concern than the theft of non-public information or even intellectual property.
With a potential “market” in place, there’s still a critical piece to consider: creating and deploying an effective piece of malware is expensive, and sophisticated cybercriminals have typically gone after higher net-worth enterprises. So why the increase in attacks on smaller targets? Here, criminal groups took a page from legitimate software companies and have begun licensing their “product” to local/smaller criminal entities, many with few IT resources of their own. Much like your business might pay an annual subscription fee to Microsoft for Microsoft Office (Software as a Service, or SaaS), a budding cybercriminal can now pay a small fee, or a share of each ransom, for access to a suite of cybercriminal tools. This is referred to as Malware as a Service (MaaS), or Ransomware as a Service (RaaS) when the product is ransomware. Add a few other “vendors” such as payment-processing services and even lead-generation tools, and you have a highly effective and difficult-to-detect cybercriminal operation staffed by people who could never have built any of it themselves.
The model is so well established that its operators have become targets themselves. A crime-as-a-service provider known as “vDOS” (a DDoS-for-hire “booter” service rather than a ransomware operation, but one run on exactly this subscription model) was recently hacked. The breach spilled secrets on thousands of vDOS’ paying customers and their potential targets, and also revealed that vDOS had earned over $600,000.
Armed with the knowledge that virtually any small-time crook can potentially become a high-level cybercriminal, it’s time to be realistic about the threat and better protect your business. For that, we recommend the following:
1) Remain Vigilant
Keep your people trained and your systems patched and up-to-date. Untrained users (phishing e-mails and malicious attachments) and unpatched software are the easiest ways for a bad actor to enter your environment, and they are also the easiest to proactively manage. (For tips on employee education, check our blog on Turning Your Weakest Link Into Your Strongest.)
2) Configure & Test Your Backup Systems Carefully
Of course you back up everything, but are you regularly testing that the backup can actually be restored, and can the backup itself fall prey to a cyberattack? Ransomware that reaches a file server will happily encrypt any backup share that server (or the same credentials) can write to, and a nightly job that runs without errors will just as happily back up already-encrypted files. Corrupt or encrypted backups are useless, so any investment you’re making in regular backups is wasted if you can’t actually access the data when it’s needed. Keep at least one copy where the production environment cannot overwrite it (offline, or on storage that only allows appending), and verify restores, not just the backup job’s “success” status.
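The restore test described above, as an added example that is not part of the original post: a small Python drill that backs up a directory to a tar.gz archive, records a SHA-256 manifest of every file at backup time, then restores the archive to a scratch directory and compares it against that manifest. It then simulates the two failure modes mentioned in the text: ransomware reaching the archive itself, and a backup job that ran cleanly after the source files had already been encrypted. All file names, the sample data and the XOR “encryption” are constructed for the demonstration; the `filter="data"` extraction argument exists only in Python 3.12+ (and recent 3.8–3.11 point releases), so the code falls back when it is not available.

```python
"""Backup restore drill: prove a backup can be restored and detect when it cannot.

Added example; not from the original post. Sample files and the attacker
simulation (an XOR over the bytes) are constructed for illustration only.
"""
from __future__ import annotations

import hashlib
import json
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (path relative to root) to its SHA-256."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source: Path, archive: Path) -> dict[str, str]:
    """Write source to a tar.gz and return the manifest taken at backup time.
    In a real deployment the manifest (and the archive) belong somewhere the
    backed-up host cannot overwrite, otherwise ransomware can rewrite both."""
    manifest = build_manifest(source)
    with tarfile.open(str(archive), "w:gz") as tar:
        tar.add(str(source), arcname="data")
    return manifest


def verify_backup(archive: Path, expected: dict[str, str]) -> tuple[bool, list[str]]:
    """Restore the archive to scratch space and diff it against the known-good
    manifest. Returns (ok, problems); never raises on a damaged archive."""
    problems: list[str] = []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(str(archive), "r:gz") as tar:
                try:
                    tar.extractall(scratch, filter="data")  # safe extraction, 3.12+
                except TypeError:  # older Python without the filter argument
                    tar.extractall(scratch)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            return False, [f"archive unreadable: {type(exc).__name__}"]
        restored = build_manifest(Path(scratch) / "data")
    for rel, digest in expected.items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content changed: {rel}")
    for rel in restored:
        if rel not in expected:
            problems.append(f"unexpected file in backup: {rel}")
    return (not problems), problems


def _xor_in_place(path: Path, key: int = 0x5A) -> None:
    """Stand-in for ransomware encryption (constructed; not real crypto)."""
    path.write_bytes(bytes(b ^ key for b in path.read_bytes()))


def run_drill() -> dict:
    """End-to-end drill on constructed data. Returns the outcome of each check."""
    results: dict = {}
    with tempfile.TemporaryDirectory() as work:
        base = Path(work)
        source = base / "fileshare"
        (source / "finance").mkdir(parents=True)
        (source / "finance" / "ledger.csv").write_text("2017-07,invoice,1200\n")
        (source / "readme.txt").write_text("constructed sample data\n")
        archive = base / "nightly.tar.gz"

        # 1) Healthy backup: restore matches the manifest taken at backup time.
        manifest = create_backup(source, archive)
        results["clean_backup_ok"] = verify_backup(archive, manifest)[0]

        # 2) Ransomware reached the backup location and encrypted the archive.
        _xor_in_place(archive)
        ok, problems = verify_backup(archive, manifest)
        results["encrypted_archive_detected"] = (not ok) and problems[0].startswith("archive unreadable")

        # 3) Ransomware encrypted the share first; the next job "succeeded" but
        #    backed up ciphertext. Comparing against the last known-good manifest
        #    exposes it, where the job's own exit status would not.
        for f in [p for p in source.rglob("*") if p.is_file()]:
            _xor_in_place(f)
            f.rename(f.with_suffix(f.suffix + ".locked"))
        create_backup(source, archive)
        ok, problems = verify_backup(archive, manifest)
        results["garbage_backup_detected"] = not ok
        results["problems_in_garbage_backup"] = sorted(problems)
    return results


if __name__ == "__main__":
    print(json.dumps(run_drill(), indent=2))
```

The manifest is the piece that makes the third check work: a backup job only knows that it copied bytes successfully, so without a record of what the files looked like when they were known to be good, a backup of encrypted files looks identical to a healthy one. Store that manifest, and at least one copy of the archive, on something the file server’s credentials cannot write to.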
3) Work with a technology adviser
Your IT service provider should be proactively addressing these issues: regularly testing systems (including restores), conducting vulnerability assessments, and keeping your IT security in line with current best practices. No provider can promise that you will never be hit, but if this is happening, an incident is far more likely to be an inconvenience than a shutdown.
We’d love to know your experience with Ransomware and learn how you’re protecting your most valued information technology assets. Please feel free to leave a comment on any of our social media platforms, or send us an email.
*As reported by Osterman Research, Inc. in their “Second Annual State of Ransomware Report: US Survey Results”, published July 2017.