
Ransomware needs to be taken more seriously

Security specialist Sec-1 has warned that customers are not taking ransomware seriously enough

Ransomware might have gained a lot of headlines in the last 11 months, but there are plenty of people still not taking the security threat seriously enough.

Penetration testing specialist Sec-1 has issued a warning that ransomware needs to be given a lot more attention. The firm quoted research that puts the damage costs of attacks at $5bn this year.

The Claranet Group business has noticed that, despite the fifteen-fold increase in ransomware in just two years, some customers are classifying it as a 'new threat' and, as a result, steps to deal with it are taking some time to be formalised.

But excuses about the slowness of response to ransomware did not cut any ice over at Sec-1.

"Ransomware is not new, and the idea of encrypting a user’s files and making a monetary demand is far from cutting-edge in the cybercrime world. It’s been used since the AIDS Trojan was created back in the late 1980s, and has been proven to be both effective and increasingly lucrative right to the present day," said Holly Williams, senior security consultant at Sec-1.

"There are many ways that ransomware can be spread, including through botnets, bogus software or misleading advertising leading to malware downloads. However, by far the most common method is through luring recipients into opening a malicious attachment, or clicking a link to a website which triggers a “drive-by” download," she added.

As a result, there is a requirement for the channel to educate users more about ransomware.

"Educating users on how to recognise, and therefore avoid, these dangers is always a positive, but it’s impossible to eradicate human error entirely in this sense. There will always be instances where people inadvertently fall into the traps set by attackers, which is exactly what hackers are counting on," said Williams.

Her advice is to promote penetration testing and scanning regularly for vulnerabilities.
