Ransomware: Not dead, just getting a lot sneakier

Atlanta Chief of Police Erika Shields said, “The criminals that infiltrated the city’s network compromised ‘years’ of dashcam videos,” as reported by The Atlanta Journal-Constitution. Photo Credit: Curtis Compton/ccompton@ajc.com

Ransomware may not claim as many victims as in the past, but earlier this year, the city of Atlanta discovered its potency. Ransomware, a computer attack that holds information hostage, can cause tremendous havoc for companies without adequate ransomware protection.

BBC reported in June, “Years of video evidence gathered by police has been lost thanks to a ransomware attack on Atlanta in the US. Most of the lost evidence involves dashcam recordings, said Atlanta police chief Erika Shields in a local newspaper interview.”

The hackers behind the SamSam infection demanded $51,000 in bitcoin to unlock encrypted data, but Atlanta officials said the city had not paid the ransom, according to the BBC report.

Ransomware remains a danger, but in a different way than a year ago.

The site zdnet.com reported that in 2017, “the impact of ransomware dwindled. Detections of Locky, Cerber and other long-standing ransomware families massively declined.”

Yet while the number of ransomware attacks dropped, variations such as GandCrab and DataKeeper plagued victims.

The news site Nulltx.com confirmed that ransomware has changed in the past year: “Ransomware distribution took off between 2015 and 2017. Although things have calmed down a bit since, this attack vector has not lost much of its popularity. It does seem criminals have a slightly tougher time infecting thousands of computers in one go these days, though, which can only be considered a positive development.”

The site noted that “the ransomware hype culminated in the global WannaCry attack of 2017. With over 300,000 corporate and government systems infected across over 140 countries, the whole world received a rude awakening as far as malicious software was concerned.”

The Hill warned that government bodies face threats from malicious software. Morgan Wright, an expert on cybersecurity strategy who served as a senior advisor in the U.S. State Department Antiterrorism Assistance Program, wrote in The Hill, “According to a 2017 report from Government Technology, which I worked for in the past, cities spend north of $30 billion and counties round $22 billion. Yet most agencies spend less than 5 percent of their IT budget solving cybersecurity problems. This lack of spending has only fueled the growth of ransomware and services associated with storing, selling, and monetizing the ill-gotten data.”

The lesson is simple. Organizations of all sizes need to remain diligent to mitigate the risk of cyber threats, even if certain threats have dropped out of the headlines.

What can your organization do to increase the effectiveness of its ransomware protection?

In a recent blog post, “What small businesses need to know about ransomware (and why backups are so important),” Sinu offers several tips, summarized below:

  • Don’t open attachments from an unknown sender.
  • Make sure your saved data is being backed up daily.
  • Back up your desktop or laptop if you store sensitive data on those devices.
  • Assess your data backup and restoration process regularly. Ask your IT team how far back backups go, and test the restoration process.
  • Update, patch and purge. You should be set to receive automatic security updates and patches for all software, including operating systems, apps and security software — on all devices. Delete any applications that you rarely or never use.
  • Keep up with recommended hardware replacement cycles. Hardware that is 5 years old or newer is more likely to have firmware that is up to date and patchable.
  • Disable those macros. IBM reports that document macros are now a common way to deliver ransomware, so macros for email and documents should be disabled by default.
  • Provide tech and data security training to your employees.

Contact Sinu for more information on how to improve ransomware protection and create a culture of data security in your organization, or download our free whitepaper for more tips on data security to share with your employees: Oh, the humanity! The role people play in data security.