Few would dispute that 2016 was the year of ransomware, which tops many lists of the greatest security concerns in the enterprise. According to Kaspersky Lab, a ransomware infection happened every 30 seconds during the third quarter of 2016. The FBI even released a technical guidance document to help organizations protect their networks from ransomware. The FBI reports that the number of ransomware attacks increased from 1,000 per day in 2015 to more than 4,000 per day in 2016.
Ransomware is a type of malware that encrypts or blocks user access to critical data and systems. Attackers attempt to extort and intimidate victims by demanding payment to have access restored or data decrypted. Ransomware is typically delivered through phishing emails that trick users into clicking links or opening documents that automatically download malware.
As bad as 2016 was, ransomware attacks are expected to increase in number and sophistication in 2017. Attacks are now targeting backup systems, creating a more desperate situation for users who are unable to access backups. The trend of using full disk encryption to block access to entire systems is expected to continue. Hackers will increasingly use professional-grade tools, including the Advanced Encryption Standard for encrypting files and the RSA encryption algorithm for key exchange and storage. Although most ransomware attacks are not targeted, an increase in targeted attacks is expected so hackers can demand higher ransoms.
Because data and applications are essential to business operations and any downtime can be costly and dangerous, many companies choose to pay the ransom. However, there is no guarantee that data will be restored, and hackers could be emboldened to ask for higher ransoms or take more data hostage. This is why the FBI recommends against paying the ransom.
Prevention is the best way to avoid the headache and hardship caused by a ransomware attack. Educate employees about ransomware, the risks involved and the deceptive techniques hackers employ to fool users. Frequently back up data, keep your backups offline and test your backup and restore processes. Revisit user permissions to prevent unauthorized users from accessing and modifying files. Keep antimalware and threat information current, and update processes for patch deployment to avoid delays. Finally, make sure you have an incident response plan that includes ransomware.
There are also new security tools that can help. The SecureWorks Counter Threat Platform (CTP) is a cloud-based, early-warning system that uses analytics, applied intelligence and context to detect and respond to threats. By providing both qualitative and quantitative intelligence in a network-aware, automated system, CTP enables organizations to make more educated security decisions in real time. CTP also includes an ecosystem of security products and vendors that allows you to add CTP capabilities to your existing security tools.
Ransomware is a serious threat that will only become more dangerous in 2017. Let Sigma help you develop a ransomware response plan and show you how SecureWorks CTP can provide the tools and intelligence you need to prevent a successful ransomware attack.
by Michael Renner, Sigma Business Development Manager