Ransomware - Where? How? Why?

in #ransomware, 7 years ago


Ransomware - a delicate subject that is almost becoming taboo, especially when I bring it into conversation with my clients.

Why is ransomware bringing fear into the souls of so many IT professionals?

It has this effect for a good reason. Many of them have experienced ransomware, and there is no good experience when it comes to this particular type of malware. Best case scenario, it can be called a hassle, a headache; worst case scenario, it can be a nightmare, depending on how well the company manages to recover from an attack.

That is why we ask the tough questions:

Where?

Where does ransomware land first in a network, and what devices does it usually infect?

Last year, Osterman Research conducted a study that Malwarebytes released to the public, and we can see their findings below:

Almost 50% of ransomware enters a network by infecting a desktop. That is because desktops are still very popular in many organizations and thus make up the main type of end-user hardware out there. This will slowly change as advancements in technology become available on the market.

One thing the report highlights is that US clients have the lowest rate of ransomware infection at the desktop level, while other countries see increases up to 74%. The problem is with the mobile workforce. US companies have the highest level of infiltration from laptops, 36%. This is an indication that once devices leave the network, they become more vulnerable to ransomware. There is also a lack of appropriate endpoint protection on the laptops, with companies relying too much on the protection at the firewall and network levels.

How?

How does ransomware get onto a network, and what methods does it usually use?

From the same study we can see how ransomware usually infects a network:

Compared to the US, which has a 59% infiltration rate through email, Canada sees only a 30% infiltration rate. By contrast, business applications are a much more common method of infiltration in Canada than in the US. Canada's lower rate of infiltration by email as a threat vector may be attributable to the Canadian Anti-spam law (CASL) that went into effect on July 1st, 2014.

This report shows that appropriate layers of protection and ongoing cybersecurity best practices for staff could significantly reduce the number of ransomware infections companies face.

Why?

There is one main reason that drives most cyber-criminals: financial gain. Victims of ransomware pay. A recent study published in April of 2017 shows that 38% of consumers pay.

The sad part is that 45% of consumers do not know what ransomware is. How can people protect themselves from an unknown source of danger online? They cannot. With companies, the situation is different. Many do not publicly admit the payment of a ransom for valid reasons. Very few attacks are executed against large corporations just to make a point; most of them are for profit.

In conclusion, even though there is no magic solution that offers 100% protection against cyber-threats, a multi-layered approach to protecting endpoints on a network, paired with ongoing training for the staff, should mitigate the risk of infection.

About the author:

Ioan Hipp is not a mathematical genius, a world-renowned expert, or a prominent figure in the cybersecurity industry. He is just a person passionate about the new cyber world that our IoT is developing into, a storyteller and a contributor to a better society.