Friday 16th August 2019 started just like any other day.
Government workers, state police, and public officials settled into their morning routine — but then, disaster struck.
A ransomware group took down the entire computer network of government agencies and police services in 22 towns across Texas. It’s likely one of the widest-scale attacks of its kind in recent times.
One town could no longer accept utility or tax payments. Another lost access to nearly all its data while, to make matters worse, both its computer and phone systems dropped offline.
There was no way of responding to queries or complaints. The State of Texas had to launch a coordinated response to combat the threat, calling on high-profile security experts to bring the situation under control. Which raises the question: what can we learn from this state-wide assault?
It seems ransomware groups have changed tactics. They’ve moved from low-stakes attacks on single consumers to embark on big-game hunts — these days, the larger the organization, the higher value the prey.
Government agencies, national corporations, and businesses like yours are the jackpot.
Ransomware attacks on business are the new norm
The Texas attack was just one of five events targeting large-scale organizations.
And that’s this year, alone. The Symantec Internet Security Threat Report 2019 highlights an emerging trend: while 2018 saw fewer cyber-threats aimed at individual consumers, attacks on business surged by 12%.
If the rise sounds modest, reflect on the fact that businesses now represent 81% of all ransomware infections.
And the criminal’s new focus makes sense.
Consumers used to be an easy target for fraud. A few simple messages saying, “Your computer has been compromised. Download anti-virus software now to keep it safe.” was once enough to scare a small fortune out of less-informed users.
Then, this basic “scareware” evolved into actual software designed to lock a system — and demand a modest ransom to release it — but security consultants could often find a workaround to restore the victim’s computer to its unlocked state.
Until, in 2016, genuine ransomware took off. Email spam campaigns began to bombard inboxes: fueled by the rise of bitcoin and other novel ways to quickly defraud consumers of a few bucks.
Sometimes, all it took was a malicious link and a click, and a system would fall under the attacker's control. But now, the general public has wised up. Researchers have found that just 3% of consumers are impacted by ransomware each year, and a mere 4% of those affected actually pay the ransom.
What this means for the cyber-criminal is returns are too low: enterprise targets have become a better investment.
Rising cost of mass-target ransomware attacks
The low strike rate also means the cost of consumer-targeted attacks is on the up.
To make them profitable, ransomware groups have to automate the process: create ever-more sophisticated software, then use botnets to target millions of consumers at once.
Still, of the small fraction of users who pay a ransom, research suggests only a few would ever hand over more than $1,000. And where individuals are concerned, people are much more likely to risk trying to solve a problem themselves. They may use anti-virus software. They may restore data from a back-up. Or, perhaps they’ll seek assistance from a security expert — and where none of the above works, they’ll simply reformat their device.
One thing’s clear: consumers are more trouble than they’re worth.
But compare the mass-market strategy to finding one high-value target, and it becomes easy to understand why your business emerges as the prized kill: as an enterprise, you put a lot more meat on the table.
Further, the ransomware itself often targets vulnerabilities on Windows machines: the operating system of choice for businesses, both large and small.
Educate your staff and mitigate the threat
The truth is….
While taking over your entire computer network is the attacker’s primary goal, they will gladly try to infiltrate your organization by duping any one of your employees.
And if you think a malware infection is a once-only event, think again.
Symantec's report shows that people don't always alter their behavior even when they know of a security risk, or have, indeed, already suffered an attack:
- One-in-three users won’t change their browsing behavior after a hack
- Just 31% will bother to update their existing anti-virus software
- While one-in-two won’t bother to install any anti-virus software at all
Taking these facts into account, individual employees will always be a potential target for an attack, because people just don't take the necessary steps to protect themselves.
"So, what are the necessary steps?" you ask.
The single most effective step against ransomware is to back up your data: something only half of all computer users ever do. A backup won't stop the infection, but it is what lets you restore your files instead of paying for them.
Two caveats matter here. Ransomware encrypts every drive the infected machine can write to, mapped network shares and attached USB disks included, so a backup that stays connected to the workstation is often encrypted alongside the originals: keep at least one copy offline or on storage the workstation cannot overwrite, and test that you can actually restore from it. Get your staff to keep their systems backed up this way and you are most of the way to surviving an attack. And while it's near-impossible to achieve 100% security…
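A backup only earns its keep if the copy survives untouched and can actually be restored. The script below is an added example, not code from the original article or from Midcoast Tech: a small POSIX shell routine that keeps versioned archives with a recorded SHA-256 digest, refuses to restore from an archive whose digest no longer matches (which is what an encrypted or overwritten copy looks like), and prunes old versions. It assumes GNU tar and coreutils (`sha256sum`, `mktemp`); the directory layout, file names and sample contents are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original article): versioned backups with an
# integrity check and a test restore. Assumes GNU tar and coreutils
# (sha256sum, mktemp); the sample data below is constructed for the demo.
set -eu

# make_backup SRC DEST: write DEST/backup-NNNN-<utc stamp>.tar.gz plus a
# .sha256 digest file, and print the archive path. DEST must not live
# inside SRC, or the archive would try to include itself.
make_backup() {
  src="$1"; dest="$2"
  mkdir -p "$dest"
  # Sequence number taken from the highest existing archive, so names sort
  # oldest-first even after pruning (zero-padded so 0010 sorts after 0009).
  last=$(ls "$dest"/backup-*.tar.gz 2>/dev/null \
         | sed -n 's/.*backup-0*\([0-9][0-9]*\)-.*/\1/p' | sort -n | tail -n 1)
  seq=$(printf '%04d' $(( ${last:-0} + 1 )))
  stamp=$(date -u +%Y%m%dT%H%M%SZ)
  archive="$dest/backup-$seq-$stamp.tar.gz"
  tar -czf "$archive" -C "$src" .          # relative paths: restores anywhere
  # Record the digest; if the archive is later overwritten or encrypted,
  # verification fails instead of silently restoring garbage.
  ( cd "$dest" && sha256sum "$(basename "$archive")" > "$archive.sha256" )
  printf '%s\n' "$archive"
}

# verify_backup ARCHIVE: succeed only if the digest still matches and a
# trial extraction into a scratch directory yields at least one file.
verify_backup() {
  archive="$1"
  ( cd "$(dirname "$archive")" \
    && sha256sum -c --status "$(basename "$archive").sha256" ) || return 1
  tmp=$(mktemp -d)
  tar -xzf "$archive" -C "$tmp" || { rm -rf "$tmp"; return 1; }
  count=$(find "$tmp" -type f | wc -l)
  rm -rf "$tmp"
  [ "$count" -gt 0 ]
}

# restore_backup ARCHIVE DEST: verify first, then extract into DEST.
restore_backup() {
  archive="$1"; dest="$2"
  verify_backup "$archive" || return 1
  mkdir -p "$dest"
  tar -xzf "$archive" -C "$dest"
}

# prune_backups DEST KEEP: delete all but the newest KEEP archives
# (and their digest files).
prune_backups() {
  dest="$1"; keep="$2"
  total=$(ls "$dest"/backup-*.tar.gz 2>/dev/null | wc -l)
  excess=$(( $total - $keep ))
  [ "$excess" -gt 0 ] || return 0
  ls "$dest"/backup-*.tar.gz | sort | head -n "$excess" | while read -r old; do
    rm -f "$old" "$old.sha256"
  done
}

# Demo: back up a constructed working directory, verify, restore, compare.
run_demo() {
  work=$(mktemp -d)
  mkdir -p "$work/src/payroll"                        # constructed sample data
  printf 'employee,hours\nalice,38\n' > "$work/src/payroll/week33.csv"
  printf 'minutes of the 16 Aug meeting\n' > "$work/src/notes.txt"
  archive=$(make_backup "$work/src" "$work/backups")
  verify_backup "$archive"
  echo "verified: $archive"
  restore_backup "$archive" "$work/restore"
  diff -r "$work/src" "$work/restore"
  echo "restore matches source"
  rm -rf "$work"
}

run_demo
```

The digest file is written next to the archive, so it only proves the archive has not changed since it was made; copy both files to media the workstation cannot write to (an offline disk, or a share mounted read-only on the clients) for the check to mean anything against ransomware that reaches the backup drive. Schedule `prune_backups` with a generous retention, since an infection is often noticed days after the first files were encrypted and the newest backup may already contain the encrypted versions.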
There are several other actions you can get your staff to take (or stop taking!) to protect your network further, mitigate the effects of a ransomware attack, and avoid ever having to pay to recover your data.
According to recent Stanford research, users who:
- Frequently download files from torrent sites
- Fail to back-up their data
- Download resources from untrusted applications
- Choose not to password-protect their device
…are at a 7% higher risk of falling victim to ransomware than other users.
So — the lesson is simple.
Educate your staff about these four perilous acts, and you make your business a far harder target for a ransomware attack.
Protect your business from ransomware with remote security monitoring — give Midcoast Tech a call on 207-236-0021 to learn how.