In early 2016, CEO and co-founder of PhishMe, Rohyt Belani, was quoted as saying "Ransomware attacks have the potential to become the biggest crime in digital history. They threaten every major sector, from the healthcare industry to government agencies, drive unquantifiable financial losses and, in the case of healthcare, could have life and death implications."
Today his words are ringing true. While Ransomware has been a growing threat for years, recent attacks, like WannaCry and NotPetya, show just how big of a threat it has become.
Today, there are many different types of ransomware, with multiple variants of each type. Plus new, more sophisticated ransomware is being introduced at an alarming rate. Just check out this graphic developed by F-Secure.
Why is ransomware so prevalent? Because it has a great business model, and can make a lot of money for the perpetrator.
It’s clear that ransomware is here to stay, and how it will evolve is the subject of many security blogs. At the 2017 RSA Conference, a panel led by Brian Russell, Chair of the Internet of Things (IoT) Working Group, discussed The Future of Ransomware on the IoTs. Here are some of the predictions that came out of that discussion.
- Entire classes of IoT devices will be targeted for distribution of ransomware, along with other attack variants. They’ve already been used successfully for Distributed Denial of Service (DDoS) attacks. When you have half a million devices ready to attack, you can generate an amazing amount of bandwidth.
- Targeting will branch out from the classic standalone computers to IoT and vehicles.
- Ransomware definition will evolve from simply encryption-in-place, to removing control of resources from the owners.
- Demands may not be monetary. This is a real shift if purpose, as the original goal of ransomware was to make money. I take your stuff, you give me money, and I give you your stuff back. Emerging goals include disruptions or publication of sensitive data. This is troubling because if someone just wants to make money, they’re most likely going to play by their own rules. Meaning, you’ll get your stuff back if you pay. But once you move to these other motivations, it’s a less stable environment where you can’t predict the outcome. Learn more about the changing goals of Ransomware in The Evolution of Ransomware.
- Attack vectors will evolve to include radio frequency and wireless.
How to Protect Your Business from a Ransomware Attack
One of the most important takeaways from the discussion at RSA is that entities will need to rely on their controls and business continuity plans (BCP), and not on ransom payments. At Tyler, we’ve always said, cybersecurity starts with your controls. If your control environment is sound, you reduce the potential of infection, and even if you are infected, you will be able to stop it quickly.
We have a lot of evidence to support this. Our clients who have the right, well-implemented, and managed detective controls in place, have been able to identify a ransomware attack immediately and contain it.
It really comes down to building a cybersecurity culture – one that is built around people managing controls with processes that are vital, updated, and there is accountability and auditability built in at every step. This starts by building a foundation of institutional knowledge, and carefully considering how people, process, and technology play interdependent roles.
Learn more about how you can ensure that your organization is ready to confidently respond to, and survive, a ransomware attack, in our blog post Ransomware Defense Tips - Incident Response Preparation.
Ransomware Incident Response Checklist: The key to successfully responding to and managing incidents is a comprehensive and rehearsed incident response program. Tyler's Ransomware Incident Response Checklist will provide you with an outline of the key steps needed to help your organization prepare for a Ransomware attack - including preparation, analysis, mitigation, and wrap-up.