Move, countermove: The best way to fight ransomware
Crypto-viral criminals are becoming ever more sophisticated, but so are their targets
MAY 01, 2017 | BY WILLIAM KELLY
The decades-long geopolitical struggle known as the Cold War comes to mind when looking at the current, ongoing fight against ransomware.
Sure, the stakes in today’s conflict against
the hackers who build and spread data-kidnapping malware
aren’t nearly as apocalyptic as those in the superpower showdown. But the comparison remains valid in this crucial respect: Both clashes are characterized by opposing sides engaged in an ever-escalating and seemingly endless battle of weapons and wits, in which a move by one side is met with a countermove by the other. Move, countermove, move again.
The two conflicts, of course, aren’t alike in all ways. But even their differences are strangely revealing. While the two sides in the Cold War never unleashed their most destructive devices, the same can’t be said about hackers and the companies trying to foil them. Both sides are steadily building up their arsenals while also using the biggest bombs at their disposal.
Unlike the simmering late-20th century hostility between the Soviet bloc and the Western allies, however, the ransomware war boiled over immediately. It follows that one popular social media catchphrase sums up the current state of affairs: That escalated quickly.
The hot war between
the perpetrators of ransomware
and their targets is an obvious by-product of our wireless world. Put simply, digital mobile devices and applications have not only created the convenience and utility of anywhere-anywhere communications, but also opened up umpteen avenues and opportunities for purveyors of ransomware to exploit. As crypto-viral criminals adopt more sophisticated tools and tactics of attack, so do their targets to defend their digital networks and the data accessible through them.
Extortionists ratchet up pressure
Even places with the highest and thickest walls are vulnerable to today’s sophisticated ransomware. This is where insurance providers enter the picture. The insurance industry has been deeply involved in this intensifying struggle from the very beginning. I remember clearly my first ransomware case some five years ago. My company, its vendor partners, and the organization whose data was being threatened worked together quickly to eliminate the data-kidnapping malware and plug the hole through which it entered. No harm done.
If only things had remained that straightforward. Since those innocent days, criminals have become much more active, multiplying the number of attacks each year. On top of that increased activity, extortionists have been ratcheting up pressure on their victims, developing and employing methods that have become increasingly difficult to foil through standard anti-virus programs and backup measures.
Rather than rely strictly on brute force, an increasing number of coders explore data networks meticulously to locate and imperil the most sensitive information, emboldening these extortionists to raise their payment demands. Many companies give in to these shakedowns, chalking them up as yet another cost of doing business. It’s a bluntly effective response, but one that’s unsatisfying and becoming increasingly unsustainable.
Instead, organizations increasingly turn to insurance providers not merely to cover extortion payments, but also to forestall them.
Many insurance providers deliver three key services:
- Perform threat intelligence by researching and analyzing trends and developments in cyber crime, activism and espionage;
- Manage risks by identifying and repairing weaknesses that make organizations vulnerable to ransomware; and
- Build relationships with top vendors — from computer specialists to public relations professionals — that can respond immediately and intelligently when extortionists strikes.
That said, expert claims professionals must be at the forefront of the fight.