Ransomware: Data Responsibility in the Cloud


Every enterprise should consider ransomware protection an integral part of their data recovery and business continuity plan. Malware attacks are becoming a normal part of the IT landscape. Creating criteria for prevention, detection and data recovery is critical to business recovery in the unfortunate case an attack occurs.

With most businesses relying on desktop computers for day-to-day activities, the opportunities to infiltrate an organization keep increasing. While many organizations believe that their business might be too small to be a target, an attack effectively disables any organization, regardless of size.

What is Ransomware?

Ransomware attacks infiltrate an organization when an unwitting employee opens an infected link or email attachment. The malware infects the employee’s computer, and can then spread across the network. With access to the files stored on individual computers and across the network, the ransomware takes control. It locks and encrypts the data, making it unavailable to employees. With the data under their control, the attacker makes a ransom demand to restore access.

In some cases, attackers demand payment within a set period of time. If the business doesn’t meet the timeline, the attackers threaten to permanently delete the data. Even once the ransom is paid, some attackers don’t restore access to the data. In some cases, payment indicates an opportunity to extract more money from the victim, thereby prolonging IT system downtime and reducing productivity.

In many cases, user behaviour and gullibility are responsible for ransomware vulnerabilities. That means end-user awareness training could prevent many ransomware attacks. In other cases, outdated anti-virus solutions are to blame. For many organizations, IT infrastructure budget is an afterthought. The focus is on the core business and not the protection of data.

The Growth of Ransomware

Ransomware was once the domain of expert programmers and IT security masterminds. As ransomware proves profitable for the attackers, the attacks grow more prevalent.

Organizations pay an average of $6,000 US for the return of their data after a malware attack. Ransomware attacks increased 97% in the past 2 years, and ransomware now costs businesses $75B a year. With malware ‘revenues’ spiking, enterprising cyberattackers now see the window of opportunity to offer “off-the-shelf” ransomware in illicit online marketplaces, allowing even less sophisticated users to attack unwitting organizations.

What’s the Impact?

Ransomware attacks make corporate data, and sometimes entire networks, unavailable to the users. That means those organizations cannot proceed with business as usual, causing productivity and sales losses. In the case of public service organizations, clients may not have access to vital services when service organizations cannot access their digital records.

Perhaps more alarming is the risk that ransomware poses to end-users and customers. The ransomed data often contains valuable personal information, making identity theft a real threat at the hands of the attackers.

Types of Ransomware

Ransomware comes in many shapes and sizes. They all have one thing in common: a ransom demand.

Crypto

Crypto is perhaps the most well-known form of malware. Crypto gains access and encrypts network files. The WannaCry ransomware attack targeted thousands of computers and disabled corporate networks around the globe.

Lockers

Lockers are known for infecting an operating system to lock users out of their computers – making it impossible to access data or applications.

Scareware

Scareware is fake software that acts like an antivirus or a cleaning tool. Scareware often claims to find issues on a computer, then demands payment to resolve the issue. Some scareware locks the infected computer; others flood the screen with alerts and pop-up messages.

Doxware/Leakware

Doxware threatens to publish the stolen information if the ransom isn’t paid. As more people rely on personal computers to store sensitive files (e.g. personal photos), they understandably panic and pay a ransom if files have been stolen.

RaaS

Ransomware as a Service (RaaS) is hosted anonymously by a hacker. The attacker acts as a management service for a percentage of the collected ransom. RaaS includes distributing the ransomware, collecting payments, and deploying decryption tools to restore data access.

Examples of Ransomware Attacks in Canada

U.S. cybersecurity firm RiskIQ found that one organization falls victim to a ransomware scam approximately every 40 seconds, at an average cost of $15,000. Ransomware is a global phenomenon.

There is a significant differentiator in Canada: the average cost of downtime was estimated at $49,500 US. This is estimated to be higher than the average in other countries surveyed.

Municipality of Midland

In Ontario, the Municipality of Midland found their employees completely locked out of their computer system. During a 48-hour period, all computers connected to the municipal network were unusable. The town paid an undisclosed number of Bitcoins to regain access to their own network.

Quebec Taxi Intermediary Reunion (RITQ)

The Quebec Taxi Intermediary suffered a ransomware attack in July 2018. Instead of responding to the ransom request, the RITQ requested the support of the Quebec Police Service. The RITQ worked to restore their IT network functionality, but even after 10 days the network still suffered from lag-time delays caused by the effects of the malware.

Town of Wasaga Beach

The town of Wasaga Beach, Ontario suffered from a ransomware attack in early 2018. Municipal employees could not access data for several weeks while the town negotiated the ransom demand. The town paid approximately $35,000 to attackers in cryptocurrency, but the real cost of downtime reached $250,000.

CarePartners

CarePartners, an Ontario government healthcare service provider, announced a security breach in June 2018. The names and contact information of tens of thousands of patients, as well as detailed medical records, were stolen in a ransomware attack. In total, 627 patient records and 886 employee records were compromised in the attack.

No Business is Too Small

Ransomware attacks are serious concerns for businesses of any size. Small and mid-sized businesses without full-time IT experts on staff lack the resources and know-how to deploy effective anti-virus software or back-up and disaster recovery solutions.

Without effective safeguards and internal security precautions in place, organizations of ANY size are exposed to ransomware attacks. Working with a Managed Service Provider or IT solutions partner can help you plan for disaster recovery and deploy an anti-virus solution that prevents attacks.

Read on if you’re curious about how HostedBizz deals with disaster recovery after a ransomware attack.
