When It Comes to Ransomware Pay Now

By Carolyn Crandall, CMO Attivo Networks

Ransomware continues to dominate the security news cycle and the minds of most enterprise organizations. Whether this is driven by the recent flood of Petya attacks, the previous global WannaCry attacks or validation by recent studies such as the one by Trend Micro, which found that new ransomware families increased by a whopping 752% in 2016, the concern is valid and deserving of attention.

Notably, the report adds that the availability of open-source ransomware and ransomware-as-a-service (RaaS) will continue to make it easier for cybercriminals to run their own ransomware, further fueling attacker momentum.

Poorly patched Linux servers are also being targeted, according to web-hosting company Nayana. The South Korean company recently agreed to pay $1M in ransom after an attack that affected 3400 customers on 153 of its servers.

While it may be a challenge for organizations to find the money for ransomware prevention, the old adage “you can pay me now or pay me later” certainly applies here. If you can’t find the budget for ransomware prevention, you may ultimately have to pay more. Hopefully, some of the findings here can help you obtain more funding if that is what is necessary.

The Petya ransomware takes over computers and demands $300, paid in Bitcoin. Once a computer is infected, the malicious software spreads rapidly across an organization using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone has installed it) or through two Windows administrative tools.

The malware tries one option and if it doesn’t work, it tries the next one. “It has a better mechanism for spreading itself than WannaCry,” said Ryan Kalember, of cybersecurity company Proofpoint.

According to the researchers who found another family of ransomware, RanRan, there has been an interesting shift in tactics. Instead of being purely financially motivated, this specific family takes a hacktivist approach by attempting to force a Middle Eastern government organization to make a negative public statement against their leader.

This should give everyone pause as we think of this in terms of the FBI’s current investigation into Russian interference with the recent presidential election. However, it doesn’t mean that attackers have changed their ultimate goal—making money.

Healthcare, of course, became the poster child for ransomware after the attack at the Hollywood Presbyterian Medical Center in Southern California last February. In that incident, a hacker successfully held the hospital’s computer system hostage in exchange for $17,000. But the loss of productivity and, undoubtedly, reputation were even more severe. It certainly got the attention of the government.

In its fourth annual Cyberthreat Defense Report, the CyberEdge Group includes findings from 1,100 IT security decision-makers and practitioners from 15 countries, six continents and 19 industries, who reported that a nearly unbelievable 61 percent of responding organizations were compromised by ransomware in 2016. Worse, the firm reported that one-third of all victims surveyed felt they had no alternative other than paying the ransom associated with an attack.

Mike Rothman, president of security analyst firm Securosis, says these findings are consistent with what that firm is seeing in the industry. He says, “There are more attacks, more sophisticated malware, and more complexity ahead.” On the positive front, he notes, budgets continue to increase and security initiatives are very high profile, consistently getting boardroom visibility. “So, all in all, it’s the best of times and the worst of times for security folks,” he adds.

Your budget may be rising, but is it enough to cover the cost of new preventative technology while you struggle to maintain the necessary solutions you already have in place?

While it’s common knowledge that multilayered security solutions that cover gateways, endpoints, networks, and servers can help prevent ransomware infections, even the best security posture has gaps, and it’s wise to at least investigate new technology solutions. But what should you look at if you have convinced management, or yourself, that ransomware should rise to the top of a very large pile of cyber threat line items? Once again, the Cyberthreat Defense Report could be helpful. Of the 16 network security technologies depicted in the survey, the one most sought after by 41% of the respondents this year is network deception technology.

There is no question that prioritizing what to spend on, given the myriad of costs any CISO faces, can be extremely difficult. However, based on the overwhelming evidence that ransomware is in your future, you might take a look at deception technology as something to move higher on that list. If holding data hostage is on the rise, so is one of its best deterrents. Considering the inherent costs, it may be time to avoid paying later.

About the Author
Carolyn has over 25 years of experience in high tech marketing and sales management. At Attivo Networks she is the Chief Marketing Officer responsible for overall marketing strategy, building company awareness, and creating customer demand through education programs and technology partnerships. She has built leading brand strategy and awareness, high-impact demand generation programs and strong partnerships for some of the industry’s fastest-growing high-tech companies including Cisco Systems, Juniper Networks, Riverbed, Nimble Storage, and Maxta.

August 20, 2019
