Ransomware Threats Are Shifting to the Enterprise
Ransomware threats are affecting enterprises more and more. And as the year comes to a close, this worrisome trend is not letting up. Hospitals, public transportation services, public utilities and police departments are progressively becoming victims of ransomware attacks, according to a recent article featured in Computerworld.
Ransomware Threats Are No Longer Just a Consumer Concern
In the past, attackers focused primarily on the consumer, but now they are also targeting businesses.
“Another ransomware evolution is the transition from targeting consumers to enterprises,” said Ed Cabrera, chief cybersecurity officer at antivirus vendor Trend Micro, according to the source. “Many of the new crypto-ransomware families detected and blocked in 2016 have targeted more enterprises than ever before.”
Earlier this year, for instance, an attacker targeted Hollywood Presbyterian Medical Center in Los Angeles, and encrypted files on multiple computers. The hospital ended up paying a $17,000 ransom to restore the affected files and systems, Computerworld reported. Moreover, this was the start of a series of attacks that ending up impacting several healthcare organizations in the US.
Another concerning note is that 80 percent of attackers are now using crypto-ransomware (malicious programs that have the ability to encrypt files) instead of locking desktop screens, asking users to pay ransom and other traditional methods that were common in the past, according to the source.
In general, this is happening because enterprises can afford to pay higher ransomware than the typical consumer, making them an attractive target for ransomware threats.
“We’ve begun noticing that ransomware has been focusing on small and medium businesses for the past year, as they’re more likely to pay larger ransomware fees than the average user,” said Liviu Arsene, a senior e-threat analyst at antivirus firm Bitdefender. “Considering that the Hollywood Presbyterian Medical Hospital paid $17,000 when hit by a single ransomware infection, it stands to reason that cybercriminals would be far more interested in targeting organizations.”
Ransomware Threat Risk Mitigation
To mitigate attack risks, enterprises need to have an incident response plan in place and verify the integrity of their backups to ensure their restoration process works without issues, according to the source. This will become increasingly critical as attackers become more sophisticated in their approach. For instance, Computerworld reported that attackers are progressively exploiting vulnerabilities in server software to get ransomware onto corporate networks.
“We do expect that with ransomware ‘going corporate’ we will see more vulnerability-based infections within networks,” said Barry Shteiman, director of threat research at Exabeam, a security company that uses machine learning to detect ransomware. “In essence, every server that has vulnerabilities that may lead to phishing, defacing or persistent code injection — could lead to ransomware spreading.”
Ultimately, prevention is key. Along with security awareness training, organizations should have a robust security plan that details specific security measures and practices that will lessen the risks of ransomware threats — factors that can prevent an attack from happening in the first place.