This blog was written by Bill Sweeney at BAE Systems, a Peak 10 partner.
Hackers are hitting soft targets all over the world, using ransomware to gain access to data, encrypt it and then hold it for ransom. Targets include servers, networks and home computers. It’s difficult to say how much money has already been paid out from these crimes, because they are often not reported due to compliance restrictions, law enforcement guidance, and even plain old embarrassment on the part of the victim.
Ransomware attacks are increasingly hitting smaller enterprises with less security infrastructure, like hospitals, fire stations and schools, rather than large organizations with layered security. Usually – and regrettably – the only option for corporations and individuals is to pay the ransom to get their data released. Ransomware is growing at these rates because it’s so easy to monetize, and it means a direct and easier payday for the criminal.
One recently reported incident involved the Hollywood Presbyterian Medical Center, which was held to ransom for $17,000. The hackers broke in via email, locked out users, encrypted some devices and systems, and demanded that the ransom be paid in Bitcoin in exchange for the encryption keys; otherwise the data contained in those systems would remain inaccessible.
It’s a slippery slope to pay ransoms. Hospitals provide emergency care, maternity services, cancer care, physical therapy, and specialized operations such as fetal and orthopedic surgeries. Imagine all of the people who could have serious health issues if their medical history was unavailable because the hospital didn’t pay. That doesn’t count the losses incurred as patients were diverted to other hospitals during the attack.
Now imagine what would happen if this were your business. When a company loses access to its data, the choices are: pay the ransom and get back online fast, or try to get the data back with the help of law enforcement. To be better prepared and to mitigate these risks, corporations have to perform advanced analyses of email attachment behavior to stop ransomware and other email-borne security attacks before they ever get near a user’s email inbox.
Newer attacks use remotely controlled, sandbox-aware malware that can detect when it is running in a sandbox and evade detection. The criminals that craft these advanced attacks are determined and financially motivated, so they outfox legacy security tools.
We think about a fifth of malware today is sandbox-aware and won’t be caught by the corporate email sandbox. These criminals don’t release their malware to gain a foothold on your network until they know they have evaded detection and prevention tools.
It’s harder to craft an attack that masks behaviors, so you need detection tools that assume criminals will get past your perimeter defenses. Have an email security plan that works along with anti-virus, firewalls, and sandboxes, both to cut down the number of successful attacks and to prevent IT security alert fatigue at the same time.
Original content owned and published by BAE Systems.