According to the FBI, there were an average of 4,000 ransomware attacks per day in 2016, representing a 300% increase from 2015.1 The FBI expects ransomware payments for 2016 to hit $1 billion.2
In these attacks, cyber criminals gain access to systems, encrypt critical data to cripple the business, and demand ransom for the decryption key that will unlock the data and enable the business to restore operations.
In a seminar series co-sponsored by Sungard Availability Services and Dell EMC, Jeff Lanza, retired FBI special agent and now a cybersecurity expert, cites several public examples of US organisations that fell victim to ransomware last year, including:
* A large Los Angeles, CA, hospital was targeted by hackers that held its computer systems hostage. The hospital chose to pay the $17,000 ransom to obtain the decryption key, though it took ten days to fully regain access to their data and restore operations.3
* A municipal utility in Michigan lost access to its accounting and email systems when an employee opened an infected email attachment. An executive said that paying the $25,000 ransom “was sadly necessary."4
Successful first steps
In his presentations to security professionals around the world, Lanza says that these attacks wake organisations from their complacency about cybercrime, prompting investments in tighter perimeter defenses and a sharper focus on how they protect their data—yielding some encouraging results:
* A hospital in Kentucky sustained a malware attack on its network, but defences helped to limit the scope of the attack. The hospital was able to restore its systems from a backup without having to pay ransom to the hackers.5
* Hackers disrupted systems at the San Francisco, CA light rail transit system, shutting down its ticket machines. The agency refused to pay the $73,000 ransom demanded, and instead let customers ride for free for a day while its IT team restored systems from backups.6
Why traditional defences and backups aren’t enough
While traditional defences, such as malware detection and prevention systems, and backups are good first steps, they lack the complete protection needed against the impacts of ransomware. Attackers are evolving their methods, targeting not just production data but attempting to delete or encrypt backups as well -- so that businesses often have no choice but to pay the ransom.
To stay ahead of such threats, companies are establishing “gold copy” backups, separated by an air gap from the network, rigorously managed and periodically tested.
1 FBI ransomware facts 2015 and 2016 https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf/view
2 FBI cited as source for billion-dollar cost in 2016 http://www.nbcnews.com/tech/security/ransomware-now-billion-dollar-year-crime-growing-n704646
3 California Hospital Pays $17,000 To Hackers In Ransomware Attack http://sanfrancisco.cbslocal.com/2016/02/18/california-hospital-ransomware-attack-hackers/
4 Lansing Utility Paid $25,000 Ransom After Cyberattack http://www.freep.com/story/news/local/michigan/2016/11/09/bwl-paid-ransom-cyberattack/93576218/
5 Methodist Hospital Recovering from Five Day Ransomware Attack http://www.healthcareitnews.com/news/methodist-hospital-recovering-five-day-ransomware-attack-claims-it-did-not-pay
6 Ransomware Attack Hit San Francisco Train System https://www.usatoday.com/story/tech/news/2016/11/28/san-francisco-metro-hack-meant-free-rides-saturday/94545998/