SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
One in three ransomware attacks target business users
Fri, 15th May 2020
FYI, this story is more than a year old

One in three ransomware attacks target business users, according to new information from Kaspersky.

The cybersecurity specialist says ransomware has become a big challenge for many organisations, and despite the attack method not being the most advanced threat from a technical point of view, it allows criminal actors to block business operations and extort money.

As a result of a ransomware incident, organisations lost on average $1.46 million in 2019; which included costs for downtime, fines and reputational damage.

"On May 12, 2017, the largest ransomware epidemic in history, WannaCry, reached its peak. Three years later, this and other ransomware threats are still affecting people and companies," Kaspersky says.

Recent Kaspersky research has revealed that in 2019, WannaCry kept its position at the top of the most prevalent ransomware families, while almost a third (30%) of those targeted by ransomware were corporate users.

Kaspersky is urging organisations to think about backing up their data and adopting relevant protection in order to avoid any potential ransomware siege, and so a catastrophe similar to WannaCry doesn't happen again.

"The WannaCry attack became the most noticeable of its kind, spreading with the help of an advanced cyber-weapon, EternalBlue, which is a complex and effective exploit used to target the unpatched vulnerability in Windows. As a result, WannaCry caused a real worldwide cyber-epidemic," the firm says.

Despite the prevalence of ransomware, Kaspersky says there is little reason to give up, as protection from ransomware is possible through feasible security measures.

Kaspersky, together with INTERPOL, is encouraging organisations to follow certain security practices and make sure they have reliable protection against ransomware, especially since recent statistics confirm that the threat is still relevant.

According to Kasperskys research, a total of 767,907 users were attacked by encryptors in 2019 with almost a third of them (30%) being in businesses. Of all the encryption families, WannaCry still was the most common in 2019, it attacked 164,433 users and accounted for 21% of all detected attacks. With a significant margin, it was followed by other families such as GandCrab (11%) and Stop (4%). The first one is a well-known ransomware-as-a-service, developed by a team of criminals and rented to the broader community and has been distributed for years. The Stop ransomware campaign is also a well-known threat spread through compromised software and websites, as well as adware.

Since the outbreak of WannaCry, cybercriminals have diversified their attack vectors to launch ransomware attacks. Their focus and attacks have become more targeted and moved to businesses, governmental and healthcare organisations where the information is critical, so as to demand for higher ransom.

Hospitals were the most vulnerable amid the COVID-19 pandemic, as those attacked have lost access to critical medical equipment and patient information. INTERPOL Global Cybercrime Programme has supported those victim organisations to recover from the attacks and prevent any further damages.

The WannaCry epidemic, which saw companies lose millions because of downtime or costs related to reputational damage, demonstrated what can happen if ransomware happens on such a large scale. The threat remains relevant today, as there will be users out there who still may not know much about it and can become a victim. T

Kaspersky says the good news is that the right security approach and relevant measures can make ransomware yet another non-critical threat.

 To help businesses stay protected from ransomware, experts suggest that organisations should take the following anti-ransomware measures as soon as possible:

Explain to employees how following simple rules can help a company avoid ransomware incidents. Dedicated training courses can help, such as the ones provided in the Kaspersky Automated Security Awareness Platform.

Always have fresh back-up copies of your files so you can replace them in case they are lost (e.g. due to malware or a broken device) and store them not only on the physical object but also in cloud storage for greater reliability. Make sure you can quickly access them in an emergency when needed.

It is essential to install all security updates as soon as they become available. Always update your operating system and software to eliminate recent vulnerabilities.

Try free Kaspersky Anti-Ransomware Tool for Business. Its recently updated version contains an exploit prevention feature to prevent ransomware and other threats from exploiting vulnerabilities in software and applications. It is also helpful for customers that use Windows 7: with the end of support of Windows 7, new vulnerabilities in this system wont be patched by the developer.

If a corporate device is encrypted, remember that ransomware is a criminal offence. You shouldnt; pay the ransom the attacks demand. If you become a victim, report it to your local law enforcement agency.