Ransomware Should Never Succeed

The recent uptick in ransomware is alarming—and it’s not just because cyber-crooks are achieving growing success rates. What’s most alarming is that so many organizations are falling victim to these attacks.

The March 2016 “McAfee Labs Threat Report” identified a 26 percent spike in ransomware attacks since the fourth quarter of 2015. However, anti-malware firm Enigma Software reported that these assaults surged by 159 percent from March to April of this year.

Ransomware resulted in more than $325 million in losses from January to November 2015, according to research conducted by anti-malware vendor Lavasoft.

“The uptick and variance in ransomware in the first quarter of 2016 … has been unbelievable,” stated FBI Cyber Division Assistant Director James Trainor, who recently spoke at the Center for Long-Term Cybersecurity at the University of California at Berkeley.

Indeed, a slew of organizations—including the Lansing Board of Water & Light, Hollywood Presbyterian Medical Center and a school district in South Carolina—have fallen victim to CryptoWall, CryptoLocker, Locky and other malware that encrypt files and data. The crooks then demand a ransom in exchange for a digital key that unlocks the files. In some cases, prices double or triple if the victim doesn’t pay the ransom within a specified time period.

What’s unbelievable about the ransomware epidemic is the number of successful attacks against corporations, utilities, governments, school districts and others—a number that should be a big fat zero.

Even if an employee unwittingly clicks on a link and unleashes the malware, or an infection occurs by some other means, there shouldn’t be major fallout or permanent damage. If an IT department and cyber-security staff are doing their jobs correctly, all the data should be backed up on external systems or in the cloud. Then, if an infection occurs, IT can restore the last backup.

Moreover, critical data should be air-gapped—essentially stored on a separate domain that is off the network and inaccessible to attackers.

The one thing that an organization absolutely should not do is pay the ransom. That only serves as motivation for cyber-gangs to step up assaults, and there’s no guarantee that another attack won’t occur.

Of course, ignoring the crooks is easier said than done—particularly when a business finds itself possibly going bust. But, as the Hollywood Presbyterian Medical Center learned $17,000 and 40 bitcoins later, you pay an expensive price for lacking backup systems and other basic safeguards.