SecurityWeek

How Mid-market Enterprises Can Protect Against Ransomware Attacks

Ransomware Malware Threats to Business


Whenever a data breach happens within a large enterprise, it tends to make headlines. And there were plenty of those in the news last year, from the IRS to Anthem to the U.S. Office of Personnel Management to Ashley Madison. Mid-market enterprises tend not to generate big headlines, as far as cyber attacks go, but that doesn’t mean there weren’t more than enough to go around. Hackers are getting more sophisticated each day, and businesses have to contend not only with zero-day threats but also with souped-up versions of longstanding threats. An example of this is the evolution of popular ransomware tools like CryptoWall and CryptoLocker, which saw a resurgence in 2015.

Most cyber attacks targeting large enterprises are the result of highly sophisticated campaigns. Attackers will have likely spent months testing perimeter defenses and conducting social engineering reconnaissance work. Unlike these targeted, custom attacks executed by experts with specific goals, ransomware is a massively scalable attack that aims to infect as many users as possible via malicious emails or compromised web sites. It’s a similar concept to the Zeus financial Trojan, but instead of stealing money from a victim’s bank account, it runs automated crime logic to encrypt data with no manual intervention.

Because of its ability to cast a wide net, ransomware is a popular tool for hackers. Panicked businesses are often quick to pay a ransom to get their data back, but this is ill-advised since it informs the rest of the hacking community which targets are more likely than others to pay up. Nevertheless, there has been a significant increase in available ransomware. According to McAfee Labs’ recent quarterly threat report, there has been more than a 100% increase in total ransomware in Q3 2015 compared with the same quarter in 2014.

The true tale of a ransomware attack

Recently, a law firm owned by a friend fell victim to a ransomware attack. A paralegal was caught in a phishing scheme, and the latest strain of CryptoWall malware encrypted the disk of her AV-protected PC. Even though the firm had only limited backups of the data, it was advised not to pay the ransom. There were bugs in the private/public key system used by the CryptoWall malware, creating a situation where the files could not be decrypted even if the firm paid the ransom. So the firm decided to cut its losses, give up the data, and make the move to the cloud-based Office 365.

Despite the alarm bells that have been sounding for several years now, there are still too many organizations that don’t think they’re the targets of hackers. After all, why would a nation state or an organized cybercrime group take the time and effort to target an organization with a limited customer base and few commercially valuable assets? They can’t really use anything for cyber warfare or to monetize in the black market. But this false sense of anonymity, paired with a lack of security resources and expertise, is exactly what makes mid-market enterprises such lucrative targets for hackers. However, there are a few opportunities for businesses to stop ransomware:

Don’t open suspicious emails and attachments. Yes, this is an obvious answer, but one that bears repeating. The weakest link in the cybersecurity chain is a company’s own employees. If phishing scams weren’t so effective, they wouldn’t be the root of most cyber attacks. The base anti-virus program should be paired with an in-depth cybersecurity awareness training program for all employees.

Warn users of suspicious websites. Deploy a strong URL filter to stop or at least alert users that they may be navigating to a risky website. Where attachments fail, malicious websites will often do the trick.

Detect incoming malicious files. Another mechanism for defeating ransomware is to catch malicious files coming in through a strong anti-malware or sandboxing solution. This reduces the risk of infection should an employee accidentally download a malicious file.
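The attachment check described above can be illustrated with a small triage routine. The following is an added example, not code from the article or from any product it mentions; the file signatures are real, but the sample attachments, the `build_zip` helper and the extension lists are constructed for the demonstration. It inspects an attachment's real content (leading bytes) rather than trusting its name, flags double extensions such as `invoice.pdf.exe`, and opens zip-based containers (plain archives and Office files) to look for scripts, executables and VBA macro streams.

```python
import io
import zipfile
from dataclasses import dataclass, field

# File signatures (real magic bytes) for the container types checked here.
MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",        # plain archives and also docx/xlsx containers
    b"MZ": "exe",                # Windows PE executable
    b"\xd0\xcf\x11\xe0": "ole",  # legacy .doc/.xls binary format
}
# Extension lists are a constructed policy for this example, not an exhaustive set.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "ps1", "lnk"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt"}


@dataclass
class Verdict:
    filename: str
    reasons: list = field(default_factory=list)

    @property
    def quarantine(self) -> bool:
        return bool(self.reasons)


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name entirely."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> Verdict:
    v = Verdict(filename)
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    hidden = parts[1:-1]  # extensions before the final one, e.g. "pdf" in invoice.pdf.exe
    if ext in EXECUTABLE_EXTS:
        v.reasons.append(f"executable or script extension .{ext}")
    if any(h in DOCUMENT_EXTS for h in hidden):
        v.reasons.append("double extension disguised as a document")
    kind = sniff(data)
    if kind == "exe" and ext not in EXECUTABLE_EXTS:
        v.reasons.append(f"PE executable content behind .{ext} extension")
    if kind == "zip":
        # Office documents are zip containers too, so look inside for macro streams.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for name in zf.namelist():
                    inner_ext = name.lower().rsplit(".", 1)[-1]
                    if inner_ext in EXECUTABLE_EXTS:
                        v.reasons.append(f"archive contains script or executable: {name}")
                    if name.lower().endswith("vbaproject.bin"):
                        v.reasons.append("Office document carries VBA macros")
        except zipfile.BadZipFile:
            v.reasons.append("zip signature but container does not parse")
    return v


def build_zip(members: dict) -> bytes:
    """Constructs an in-memory archive from {member_name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample inputs (not real files): only the leading bytes matter here.
SAMPLE_PDF = b"%PDF-1.4\n%sample document\n"
SAMPLE_PE = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    samples = [
        ("report.pdf", SAMPLE_PDF),
        ("invoice.pdf.exe", SAMPLE_PE),
        ("invoice.pdf", SAMPLE_PE),
        ("scan.zip", build_zip({"scan.js": b"// constructed placeholder"})),
        ("memo.docx", build_zip({"word/document.xml": b"<w:document/>"})),
        ("memo.docm", build_zip({"word/document.xml": b"<w:document/>",
                                 "word/vbaProject.bin": b"\x00"})),
    ]
    for name, data in samples:
        v = triage_attachment(name, data)
        print(f"{name:18} quarantine={v.quarantine} {v.reasons}")
```

A gateway that applies these rules sees through the most common ransomware lure of the period, a script or executable wearing a document's name, without needing a signature for the specific sample; the sandboxing the article recommends then covers what static checks like these cannot.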

Look for malicious outbound traffic. If you do find yourself infected, there’s still hope. For ransomware to work, it has to generate the encryption key pair and deliver the public key to the machine via its command-and-control (C2) server. However, the encryption stage can be impeded if the business can detect and stop the outbound request.
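To show what "detect and stop the outbound request" looks like in practice, here is an added example that is not part of the article: a detector run over a constructed proxy log excerpt. The log lines, host names, the `.test` domains, the 203.0.113.x address (a documentation range) and the indicator and baseline lists are all made up for the demonstration; a real deployment would load indicators from a threat feed and the baseline from its own proxy history. It raises alerts for POSTs straight to an IP literal (no DNS name at all) and for a workstation that suddenly contacts several never-before-seen, uncategorized domains within a minute, which is the pattern the key-exchange step described above tends to produce, and returns the hosts worth isolating.

```python
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed proxy log excerpt (not real traffic). Fields:
# timestamp  source_host  method  destination  path  url_category  bytes_out
LOG_LINES = """\
2015-11-03T09:14:02 ws-paralegal-07 GET www.example-news.test /index.html news 1200
2015-11-03T09:14:31 ws-paralegal-07 POST 203.0.113.45 /gate.php uncategorized 640
2015-11-03T09:14:33 ws-paralegal-07 GET a1b2c3d4e5f6.test /key uncategorized 310
2015-11-03T09:14:35 ws-paralegal-07 POST q9w8e7r6t5y4.test /gate.php uncategorized 512
2015-11-03T09:20:10 ws-finance-02 GET mail.example.test /inbox business 2200
2015-11-03T09:21:40 ws-finance-02 GET cdn.example.test /app.js business 9800
"""

# Placeholder indicator list; a real deployment loads these from a threat feed.
KNOWN_C2_DOMAINS = {"c2-placeholder.test"}
# Constructed baseline of destinations this network has seen before.
BASELINE_DOMAINS = {"www.example-news.test", "mail.example.test", "cdn.example.test"}
BURST_WINDOW = timedelta(seconds=60)
BURST_THRESHOLD = 2   # first-seen uncategorized domains per host within the window


@dataclass
class Alert:
    when: datetime
    host: str
    rule: str
    detail: str


def is_ip_literal(dest: str) -> bool:
    try:
        ipaddress.ip_address(dest)
        return True
    except ValueError:
        return False


def parse(line: str) -> dict:
    ts, host, method, dest, path, category, nbytes = line.split()
    return dict(when=datetime.fromisoformat(ts), host=host, method=method,
                dest=dest, path=path, category=category, bytes_out=int(nbytes))


def detect_outbound(lines: str) -> list:
    alerts = []
    seen = set(BASELINE_DOMAINS)
    first_seen = defaultdict(deque)  # host -> times it contacted a new uncategorized domain
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        if ev["dest"] in KNOWN_C2_DOMAINS:
            alerts.append(Alert(ev["when"], ev["host"], "known-c2", ev["dest"]))
        if ev["method"] == "POST" and is_ip_literal(ev["dest"]):
            alerts.append(Alert(ev["when"], ev["host"], "post-to-ip-literal",
                                ev["dest"] + ev["path"]))
        if (ev["category"] == "uncategorized" and not is_ip_literal(ev["dest"])
                and ev["dest"] not in seen):
            seen.add(ev["dest"])
            q = first_seen[ev["host"]]
            q.append(ev["when"])
            while q and ev["when"] - q[0] > BURST_WINDOW:
                q.popleft()
            if len(q) >= BURST_THRESHOLD:
                alerts.append(Alert(ev["when"], ev["host"], "first-seen-burst",
                                    f"{len(q)} new uncategorized domains in {BURST_WINDOW.seconds}s"))
    return alerts


def hosts_to_isolate(alerts: list) -> list:
    """Distinct source hosts that raised at least one alert, sorted for stable output."""
    return sorted({a.host for a in alerts})


if __name__ == "__main__":
    found = detect_outbound(LOG_LINES)
    for a in found:
        print(f"{a.when.isoformat()} {a.host:16} {a.rule:20} {a.detail}")
    print("isolate:", hosts_to_isolate(found))
```

The burst rule is deliberately independent of any indicator list: it keys on the fact that a normal workstation rarely reaches two unknown, uncategorized hosts within a minute, so it still fires when the C2 infrastructure is brand new. Blocking at the proxy on the `post-to-ip-literal` rule, rather than only alerting, is the step that can actually stall the key delivery the article refers to, at the cost of breaking the rare legitimate application that POSTs to a bare address.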

Most top-of-the-line security appliances are cost-prohibitive to any business that’s not a large enterprise due to the difficulty of acquiring, installing, configuring and maintaining them. Instead, mid-market enterprises can look for ways to maximize defenses while offloading the costly ongoing care and feeding work. Mid-market enterprises with limited resources and weak defenses are a particularly good target for ransomware attacks: they have just enough assets worth paying for, and the capital to do so.
