Paying ransomware attackers perpetuates attacks, says researcher

Ransomware targeting organisations is continuously advancing and needs to be factored into companies' cyber defence strategies in 2017 and the future, but this can only be done once the basics have been taken care of, according to Kaspersky Lab research.

According to David Emm, principal security researcher at Kaspersky Lab, ransomware will continue to be a successful business model for attackers as long as victims continue to pay. “Ransomware bucks the trend towards stealthier, less visible attacks because it is as in your face as a mugging,” he told Computer Weekly.

Most of the time, ransomware encrypts critical data and then demands payment, normally in bitcoin, for the data to be decrypted to its original form.

Around 5 years ago, said David Emm, it would have seemed unlikely that ransomware attacks would become as successful and common as they have.

“At first, ransomware was targeted more at individuals and small businesses, but they have since become massively successful in generating income by targeting large and small organisations alike, especially in sectors such as healthcare, telecoms and media,” he said.

Again according to David Emm, ransomware has seen its biggest growth yet over the past two years, with around 62 new forms of ransomware identified in 2016 alone.

“In that period, we have seen ransomware evolve from being purely speculative to being more effective, more targeted and more polished, with fewer errors in the encryption,” he said.

Kaspersky is also warning that ransomware will continue to grow as a threat to virtual desktops, and in particular to virtual desktop infrastructure (VDI).

Ransomware attacks have also been given a boost by the increase in cloud-based services, which enable cyber criminals to make money even when they have virtually no technical skills.

“Like we saw with banking Trojans such as Zeus before the code was eventually open sourced, ransomware creators are renting out the malware for use by others,” said Emm.

A useful way to lessen the effects of ransomware attacks is to perform regular data backups and restores, a method that has been tried and tested.

David Emm does, however, accept that it can be difficult for some organisations to achieve an effective backup regime, as businesses face typical challenges such as budget, time, storage and logistical constraints.

Businesses overall are looking at ways to solve these challenges by using cheaper, more easily accessible cloud-based backup services, whilst other businesses are putting aside funds to pay ransoms and taking out cyber insurance.

David Emm and his associates in the security industry firmly believe that paying the cyber criminals behind any ransomware attack will only strengthen their business model.

“Organisations that look to cyber insurance to either cover the cost of lost data and lost business or even to pay ransoms should read the fine print to ensure they have appropriate cover,” he said.

Kaspersky Lab are expecting to see new and emerging cyber security threats relating to the internet of things, non-traditional financial services companies and mobile devices.

“For most IoT device makers and financial service providers such as Tesco Bank, security is not part of their core business, nor is it as ingrained as it is in the traditional banking sector,” he said.

Both industries are examples of companies looking to exploit information technology without properly understanding the security implications and how to mitigate them, said Emm.

The proliferation and adoption of mobile financial service apps is also an area of concern, he said. “Failure to pay more attention in this area could result in many people being blindsided.”