With recent research predicting that global ransomware damage costs will exceed $5 billion in 2017 – a fifteen-fold increase in just two years – it is evident that ransomware will continue to be a clear and present danger as 2018 approaches. However, the fact that ransomware has existed in some form since 1989 demonstrates that efforts to defeat it have not been adequate so far.
This is according to internet security experts at Sec-1, a Claranet Group company, who believe that penetration testing has a leading role in rooting out system vulnerabilities.
The growing confidence of cybercriminals using ransomware is encapsulated by a sharp growth in the average amount of a ransom demand, increasing from $294 in 2015 to $1,077 last year. To many without significant cybersecurity experience, ransomware is often considered a relatively new threat, which can then be used as a reason for why initiatives to tackle the problem seem to be falling behind.
However, according to Holly Williams, Senior Security Consultant at Sec-1, there should be no excuses for such tardiness. Holly said: “Ransomware is not new, and the idea of encrypting a user’s files and making a monetary demand is far from cutting-edge in the cybercrime world. It’s been used since the AIDS Trojan was created back in the late 1980s, and has been proven to be both effective and increasingly lucrative right to the present day.
“There are many ways that ransomware can be spread, including through botnets, bogus software or misleading advertising leading to malware downloads. However, by far the most common method is through luring recipients into opening a malicious attachment, or clicking a link to a website which triggers a “drive-by” download. Educating users on how to recognise, and therefore avoid, these dangers is always a positive, but it’s impossible to eradicate human error entirely in this sense. There will always be instances where people inadvertently fall into the traps set by attackers, which is exactly what hackers are counting on.”
Instead, Holly believes that businesses need to focus on encouraging positive user practices, while combining this with a well-maintained network that is set up to proactively guard against ransomware threats. She believes that techniques such as regular vulnerability scanning and penetration testing can help IT teams discover flaws in systems that ransomware strains are designed to exploit. In doing so, organisations can take steps ahead of time to guard their security perimeter, and ensure that ransomware can be halted even if someone does end up downloading a malicious attachment.
Holly added: “Comprehensive penetration testing and an emphasis on frequent vulnerability scanning can go a long way towards strengthening an organisation’s network and assisting security teams in keeping up with the evolving skill levels of attackers. By conducting an in-depth examination of where system vulnerabilities lie, companies can take steps to plug these holes before a ransomware strain comes along to take advantage of them.”
To help facilitate this process, Holly feels that trusting a third party to carry out scanning and testing responsibilities can yield the best results.
She concluded: “A third-party organisation brings a fresh approach to the testing process, meaning they can often spot vulnerabilities more effectively than IT staff who have been close to the system for a long time. This specialist expertise also brings added depth in terms of IT knowledge and resource, which can be crucial for stretched IT departments. For something as established as ransomware, there can be no excuses for companies not to address this issue with the utmost urgency.”
(Source: Sec-1)