You may also be interested in:

Articles

Ransomware: The ‘New Criminal Business Model’ to Fear

  • By Andrew Deichler
  • Published: 11/2/2015
cryptolockredAmong the most dangerous cyberattacks aimed at businesses today are ransomware attacks, which encrypt victims’ files and demand payment to decrypt them. According to a new report, a powerful strain of ransomware called CryptoWall has wreaked more than $325 million in damages on “hundreds of thousands” of victims all over the world.

“Ransomware attacks are skyrocketing,” Stu Sjouwerman, founder and CEO of IT security firm KnowBe4, told AFP. “They’re going up about 100 percent per month. Ransomware is the new criminal business model.”

The Cyber Threat Alliance (CTA), a cybersecurity industry group comprised of companies like Intel, Symantec and Palo Alto Networks, released a report last week revealing the extent of the damage caused by the third variant of CryptoWall (dubbed CW3), which began infecting computers in January 2015. The CTA has discovered more than 4,000 malware samples related to CW3, over 800 command and control URLs and nearly 407,000 infections. The area most targeted was the U.S., with over half the victims being American.
 
More than 67 percent of the 70,000 incidents where CW3 has been seen were the result of phishing emails, the CTA explained. However, the majority of these emails were sent between January and March. After that, the attackers began to expand their use of exploit kits, malicious toolkits that exploit security holes in software applications. Victims typically encounter these types of attacks when they stumble onto a website that has been taken over by cybercriminals.

Act before an attack    

Attendees of the Sibos conference in Singapore last month had the opportunity to attend a ransomware attack simulation. Participants split up into groups and worked together to mitigate a ransomware attack on a fictional bank. The general consensus among attendees was that most organizations, whether they be financial institutions or corporates, do not have a plan in place for ransomware until they are actually hit with it. And that needs to change.

Some corporates may be under the impression that this is only a bank or a consumer problem. But if so, they could be in for a very rude awakening. “Cybercrime does not discriminate,” Sjouwerman said. “We see churches being hit. Anybody who is gullible enough to double-click on an attachment that says, ‘Hey, this is a voicemail you missed,’ is going to be hit. So yes, large enterprises, small enterprises, non-profits, you name it—they are all seeing ransomware infections.”

Sjouwerman offered a few tips for corporate treasury and finance professionals for preparing for and dealing with ransomware attacks.

Implement “new school” security awareness training. According to Sjouwerman, ransomware has served as a wake-up call to companies that “old-school” security awareness training isn’t working anymore. “Old-school is: you’re herded into the breakroom once a year, you’re given coffee and donuts and you get exposed to death by PowerPoint,” Sjouwerman said. “Twenty minutes later you’re let out, and you use your checkbox compliance for another 12 months. No pun intended—but that doesn’t hack it anymore.”

Instead, Sjouwerman recommends “new school” security training. “It’s relatively simple. You just test people, you find out how many people are click-happy or what we call phish-prone, and you train them online, in the browser. Then you regularly send them simulated phishing attacks. That works. We’ve seen the phish-prone percentage go down from 16 percent to 1 percent in a 12 month period. But you need to do it and it needs to come from the top down,” he said.

Back up your files. What makes ransomware such a huge threat is that these criminals are essentially holding your files hostage. But if you have a good backup in place, then you should be able to recover those files. PCWorld noted that online backups with automatic incremental backups can be lifesavers. Additionally, companies should be keeping at least one set of backups offsite.

“We get lots of people calling here because they were infected with ransomware and didn’t have a backup that actually worked,” Sjouwerman said. “If you have no backups, you’re toast.”

Pay the ransom. Sadly, often the best course of action is the simplest one. If you didn’t backup your files and a ransomware attacker is holding your data hostage, it’s ultimately going to do less damage to your company financially if you pay the ransom.

“If you add the cost up of losing weeks’ worth of files, you’re talking tens of thousands of dollars, whereas the ransom is only $500,” Sjouwerman said. “It’s a pragmatic business decision.”

Interestingly, the ransomware perpetrators are among the more honest criminals out there—they will give you back your data if you pay the ransom and won’t bother you again. Amazingly, these criminals are “very concerned with their business reputation,” Sjouwerman explained. “For all the ransomware payments we have made for victims, 100 percent have actually received their decryption within a few hours. So paying the ransom does get your files back.”

Decoding your Analysis Statements
August 22 - 23

Dive into the wealth of information contained in your bank account analysis statements. Discover the guidelines for account analysis statements, how electronic statements work, how AFP Service Codes could and should be assigned, and perform your very own crossbank comparisons.

Learn More

Copyright © 2018 Association for Financial Professionals, Inc.
All rights reserved.