In the 1996 film Ransom, Tom Mullen (Mel Gibson) attempts to retrieve his son from the clutches of a villain, leading a team of FBI agents to heroically save the day. Whilst this film depicts images of money arranged neatly in suitcases and dramatic shoot-outs, the tactics of modern criminals have evolved significantly, instead holding businesses hostage via their data.
Hospitals, governments and banks have been targeted with ransomware - a form of malware that restricts access to personal files and demands a monetary ransom to be paid before access is returned - with the number of malicious attacks increasing by 16 per cent this year alone. Being faced with cyber-extortion threats can be a traumatic experience for any business, but knowing what you're up against and how to secure your IT effectively can help remove these concerns.
Knowing your enemy
Early ransom demands were generally low-level, made via email and paid scant attention. They would revolve around DDoS-type attacks that hackers would threaten to execute if a Bitcoin payment was not received, as demonstrated by hacker group DD4BC. Alternatively, devices would be forcibly encrypted, with a fee demanded in order for users to access data stored on them. Whilst the significant pay-out involved means that financial services are consistently targeted, the tactics used have undergone some changes.
Whilst attacks have increased in intensity, hacker groups have also chosen to flex their digital muscles by launching attacks to a very specific intensity, demonstrating their capabilities to victims. Another notable shift has been towards publicly shaming victims, a prominent example being the Ashley Madison breach. In such instances, hackers already have access to your data and the ransoms victims pay are purely to ensure it is not released into the public domain.
Alongside the traditional email format, 'malvertising' campaigns are being implemented, even as users visit legitimate websites. With outsourced cloud computing now commonplace, service providers are being increasingly targeted. This can have a devastating impact, potentially triggering a domino effect by indirectly infecting their customers.
Don't put your money where your mouth is
Despite their growing incidence, businesses are seemingly unaware of best practice when reacting to ransom demands. Research from the IoD and Barclays recently found that only 28 percent of cyber-extortion cases are reported to the authorities, highlighting that victims are happier to pay ransoms than risk the release of sensitive data and the associated bad publicity.
Of course, this overwhelming concern for your data is exactly what cyber-criminals are counting on; in reality, businesses should avoid paying an extortionist. Recent advice from the FBI states that 'paying a ransom not only emboldens current cyber criminals to get involved in this type of illegal activity... by paying a ransom, an organisation might inadvertently be funding another illicit activity associated with criminals.' Furthermore, perpetrators are encouraged to carry out repeat attacks on the same target if they show willingness to pay up. Most importantly, we don't always know how real these threats are. Taking the example of recent attacks by the Armada Collective, thought to be a derivative of DD4BC. The group couldn't have known which of their victims paid a ransom, suggesting that the threat was likely redundant.
Prevention is better than the cure
Businesses are starting to educate their employees about potential risks and best practice for responding to cyber-ransoms. However, they must ensure that integral applications are well-protected against sophisticated attacks. The first stepping stone to this must be a full evaluation of a business's current infrastructure, to assess whether they would be able to withstand an attack of the magnitude that hackers are now capable of producing. Following this, employing a combination of on-premise and cloud-based services can mitigate attacks in real-time and prove cost-effective by scaling up and down depending on attack volume and intensity.
Another key element is ensuring that your business is protected around the clock. Access to expertise, reporting and analysis at your fingertips is now a requirement to keep businesses and end-consumers safe. Businesses have shown a growing inclination towards managed security services and the high-level expertise associated with them, given the increasingly hostile spectrum of cyber-ransom threats.
Over the past few years, the primary change in attitudes to cyber-ransoms has been that businesses are now immediately acting on ransoms demands posted by hackers, rather than only taking them seriously once significantly impacted. Whilst this is a positive, many are now moving towards the other extreme by paying hackers without sufficient consideration, something that can only serve to perpetuate the problem. Fundamentally, putting the appropriate measures in place to secure your applications will relieve worries over cyber-extortion, a scenario far preferable to giving up business revenue unnecessarily.