
7 Ways Ransomware Could Invade Your Company

APR 06, 2016 | BY MARLENE Y. SATTER

If you ask the Washington, D.C.-based Institute for Critical Infrastructure Technology (ICIT), this is the year when “ransomware will wreak havoc on America’s critical infrastructure community,” including financial services.

Ransomware basically locks the data on a computer — or the computer itself, or even an entire system or network — so that users cannot gain access to data or processes; it then holds the system and its data hostage, or even threatens destruction of the data, until the system’s owner pays a ransom for its release. The recent decision by Hollywood Presbyterian Medical Center to pay hackers $17,000 in bitcoin to release its entire digital network has highlighted just one of the dangers posed by such threats.

In the ICIT Ransomware Report, provocatively titled “2016 Will Be the Year Ransomware Holds America Hostage,” the authors lay out the threat posed by this rising form of hacking, which “is less about technological sophistication and more about exploitation of the human element.”


Malware installation


Ransomware can arrive on a computer system the same way other malware does, but ransomware threat actors — those who hold the data hostage — aren’t usually able to breach systems themselves. Instead they rely on a variety of methods to get their malware onto the systems they deem ripe for plucking. 

Why should you care about ransomware? Simple: ICIT says that “financial institutions are likely the next major sector to be targeted by ransomware, if their systems have not been infected already.” Ransomware attackers are 21st century highwaymen, the report says, “threatening the lifeblood of their victims — information” and “law enforcement has neither the time nor the resources to track down the culprits.”

In fact, if infected by ransomware, law enforcement itself often pays the ransom simply to regain control over its own computer systems. If the good guys are reduced to paying ransom, what’s a financial services company to do — particularly since the cost of being locked out of customer data can be far higher than paying ransom?


User awareness is key to deterring attacks


One thing companies can do is make sure that personnel are more aware of common ransomware attacks, since, as the report says, “[o]nly a societal cybersecurity reformation in user awareness and training will deter the attackers.”

The importance of not clicking on unknown e-mails or attachments, or even ads on reputable sites, and of learning to recognize bogus e-mails and ads, should be impressed on all staffers from top to bottom at financial firms. In addition, all personnel should be warned not to use unsecured devices for client data or connect unprotected personal devices (such as flash drives) to company systems, and reminded to keep their own antivirus protection up to date. Last but not least, firms should keep their own system protections current, ensure that all third-party vendors are thoroughly checked out, and have a plan in place to respond if they’re infected.

To that end, here are seven ways the report says ransomware can gain a foothold at your company:



1. Traffic distribution system


As if you needed another reason that watching porn at work is a bad idea. Traffic distribution services redirect Web traffic to a site hosting an exploit kit. That traffic can be pulled from adult content sites, video streaming services or media piracy sites.

Some ransomware groups may even hire a traffic distribution service to spread their ransomware. If the host is vulnerable to the exploit kit on the landing page, then the malware is downloaded onto the system as a drive-by download, sometimes without the user's knowledge.

2. Malvertisement


As with a traffic distribution service, a malicious advertisement can redirect users from a harmless site to a malicious landing page. Malvertisements may appear legitimate and can even appear on trusted sites if the administrator is fooled into accepting the ad provider or if the site is compromised.

Malicious threat actors can purchase traffic from malvertisement services. Redirected victims can be purchased according to geographic location, time of day, visited site and a number of other factors.

3. Phishing e-mails


These are the primary delivery methods of ransomware, simply because people are so conditioned to open e-mails and click on links and attachments. Even with training and awareness programs, the report said, most organizations find it difficult to reduce successful spear phishing attempts to less than 15% of personnel.

Botnets send spam or tailored phishing e-mails randomly or to personnel within an organization. According to Symantec, ransomware e-mails tend to masquerade as mail delivery notifications, energy bills, résumés, notifications from law enforcement or tax returns.

4. Downloaders


Malware can be delivered onto systems through stages of downloaders to minimize the likelihood of signature-based detection. Ransomware criminals pay other threat actors to install their ransomware onto already infected machines.

Ransomware could even act as a mask for a deeper malware infection that users do not suspect and that will remain even after the ransomware is removed.

5. Social engineering


Social engineering and human ignorance can conspire to get people to install the malware on their own computers.

The report pointed out that fake antivirus applications tell users that their computer is at risk of numerous debilitating viruses, and performance optimizers convince users that their system can achieve better results.

Even locker ransomware (which locks a user out of a system, rather than encrypting the data the system contains) that appears as a malvertisement on other sites depends on users clicking on the prompt to initiate installation.

6. Self-propagation


Usually a form of crypto-ransomware (which encrypts a user’s data), some forms of ransomware are able to self-replicate throughout a network much as other kinds of malware do, for example by spreading through a user’s contact book via messages into other systems. ICIT said that self-propagating ransomware is likely how malware will evolve, thanks to the growing interconnectivity of the Internet of Things.

7. Ransomware as a service

This is actually the outsourcing of malware to less-technical criminals.

The applications are designed to be deployed by almost anyone, with the original creator of the malware collecting a percentage of the ransom as a fee if the person using the creator’s ransomware is successful at collecting a ransom from the victim.



Originally published on ThinkAdvisor. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.