As technology has evolved over the years, so have malicious actors. One of the worst types of malware, ransomware, has greatly affected numerous companies and individuals. Unfortunately, ransomware attacks are becoming frighteningly frequent.
For example, the number of ransomware attacks in 2015 was 3.8 million. While this number is already high, it is nothing if we consider the ransomware attacks from 2016: 638 million. The attacks then rose an additional 250 percent in 2017.
An attack every 10 seconds
Ransomware is the most popular type of malware attack. Individuals are attacked every 10 seconds while businesses are attacked every 40 seconds, according to Kaspersky Security Bulletin in 2016. In addition to expert cyberattackers, those with low tech knowledge have also been creating “copycat ransomware variants” to try their hand at this crime.
While you might think that only small, ill-equipped businesses are attacked and affected, this isn’t true. A quarter of businesses that were attacked by ransomware have over 1,000 employees, and 71 percent of all companies targeted by these types of attacks were affected.
With less than 30 percent of targeted servers not getting infected, this shows that, clearly, our IT defenses are not properly set up to defend against malware, particularly ransomware. The problem is that, with 4.3 times new ransomware variants just in the first quarter of 2017 compared to Q1 2016, it’s difficult for security solutions to keep up.
The solution for this particular problem likely utilizes machine learning so your computer can make connections from previous ransomware attacks to understand and defend against the new variants quickly.
Yesterday’s solution of saving a copy of all of your data on a local backup server is dated. Having a local copy isn’t bad, and it can help your business recover quickly in most cases, as long the issue isn’t a large site outage. Additionally, if you want to send files between this backup server and your main server, you don’t have to worry about sending the files through an Internet connection that could be infiltrated.
However, while the cloud has a huge effect on this industry, it isn’t the only reason that people are changing the way they back up their files. Instead, ransomware is getting ever-more sophisticated; it can now find its way through to corrupt not only a single server but also your backup servers.
Devastating effects of ransomware attacks
Ransomware can be devastating, corrupting all of the data on your network quickly, spreading from server to server and quickening as it spreads. This method is very common, with almost half of ransomware infecting at least 20 employees by either encrypting files through shared network drives or finding multiple employees to fall victim to the initial attack.
If we take a look at the polymorphic ransomware Virlock, each time that you clicked on an affected file, the attack starts all over again, spreading even after you thought it was under control. On the other hand, ransomware attacks can also just make small, subtle changes over time that take weeks or even months to detect.
These two forms of ransomware both have a system that tries to avoid your security. If your data is corrupted rapidly, data protection solutions might not be able to handle the new rate of data churn. On the other hand, if the changes are subtle enough to not be caught for months, they could delete the uncorrupted copies of your data on your backup server before you realize anything is wrong.
While some people still believe that ransomware attackers enter a server through phishing emails or other similar scams, this way of transporting attacks actually fell by almost 50 percent in the first quarter of 2017. This is likely because the public was more educated about these types of attacks, with 7 out of 10 malicious emails delivering ransomware in 2016.
RDP: An opening for ransomware
Instead, the majority of ransomware infections in 2017 were delivered via Remote Desktop Protocol (RDP), bypassing human error similar to the huge WannaCry attack. In this case, the ransomware was directly executed after gaining remote access via Microsoft’s Server Message Block (SMB).
When attacking via RDP, attackers scan for open ports, similar to SMB break-ins. Then, once this is found, attackers brute force weak or default passwords, gaining entry. Many attacks in 2017 were performed this way, even though it is relatively simple for both businesses and individuals to secure against it.
Although only about less than 5 percent of compromised companies pay the ransom (with four in five of these getting their files back), almost all businesses take at least two days to get access to their files, with one in three not having access for five or more days.
This cost can be much more damaging to companies than the ransom itself. According to Imperva, every day of downtime can result in $5,000 to $20,000 in lost business and damages.
How can you help protect yourself? One way is by eliminating credential reuse. While it’s beneficial to not have too many top-level administrative credentials so you have fewer accounts that could be compromised, it also isn’t good if one administrator has too much access.
For example, you should not have a virtualization admin who also has access to the backup server; there should be two different accounts with different passwords. Additionally, if you backup your information to a site or the cloud, it should have separate credentials from your network so your backup will stay protected.
Malware is able to “look at the backup server configuration, identify where it might be sending disaster recovery copies, then go infect those servers, effectively wiping out the entire organization by eliminating all of its data.” Never browse the web as the domain admin.
Make sure your data exists in multiple secure and separate places with different credentials. This way, if you are attacked by ransomware, you can hopefully retain backups of your data.
What’s the solution?
While changing your credentials and separating files helps you keep a backup, it doesn’t help protect against the attack in the first place. Malware is a huge, growing problem in the cybersecurity field that needs to be more closely monitored and protected against. For this, the likely solution is machine learning so security solutions can keep evolving at a quicker speed than the malicious attacks are.
Photo credit: Shutterstock