Use ransomware to get security buy-in, says Trend Micro CTO

Ransomware is one of the top cyber threats to business, but organisations should use that to engage stakeholders and review processes and defences, says Trend Micro CTO Raimund Genes

Ransomware is a real, tangible and growing threat that resonates with boards and users alike, according to Raimund Genes, global CTO at Trend Micro.

Ransomware is an opportunity to get everyone involved because it is not vague or “esoteric” like advanced persistent threats, he told the Cloudsec 2016 conference in London.

Trend Micro research indicates that 44% of UK companies have been hit by ransomware in the past 24 months, and almost a third of those were hit more than once.

“Businesses should use ransomware as an opportunity to review all business processes, take control of their environment and educate staff because everyone has a role to play,” he said.

The fact that so many companies are being hit by ransomware, said Genes, indicates that many companies have focused on investing in tools, but the security basics are not working.

He pointed out that while ransomware is one of the biggest threats to business today, it is not a new phenomenon, with the first instances being distributed on floppy disk in the late 1980s.

Despite this fact, most companies are not prepared to deal with ransomware, which has increased in popularity as delivery of the malware and payment by bitcoin have become easier than ever before.

“Although most firms would say they would not pay up, when they are hit by ransomware they typically change their view when their critical files are encrypted,” said Genes.

Trend Micro research shows that 74% of organisations that have not been hit by ransomware claimed they would never pay up if infected, but, in reality, 65% of companies locked out of their critical data do end up paying.

However, Genes advised organisations to resist the temptation to pay ransoms. “Cyber criminals share information about which organisations pay,” he said.

This not only entrenches ransomware as a successful way of making money for cyber criminals, he said, but also flags which companies are worth targeting.

Most companies (37%) said they paid up because they were worried about being fined if data was lost, followed by the fact that the encrypted data was highly confidential (32%) and the relatively low ransom demand (29%).

Even if companies pay, there is also no guarantee they will get their data back. Only around 45% of those who paid got their data back, the research showed.

Paying for data

The rapid development of ransomware has become a major security issue for UK businesses, said Bharat Mistry, cyber security consultant at Trend Micro.

“Ransomware works because, when faced with a ransomware situation, most organisations simply cannot afford to part with the encrypted data and are forced to pay,” he said.

Mistry said organisations need to ensure they are adequately protected against this threat. Although the average ransom in the UK was reported to be £540, 20% of companies polled reported ransoms of more than £1,000.

In 89% of cases, companies reported a time limit being set for payment, with 57% saying they were given less than 24 hours to pay.

Organisations affected by ransomware estimated that they spent 33 working hours on average fixing issues caused by a ransomware infection.

Of those companies hit by ransomware that refused to pay, 60% claimed they were able to recover the encrypted data from backup files.

When infected by ransomware, 81% of companies said they contacted a law enforcement agency, which was able to help in 51% of cases.

Growing threat of ransomware

Mistry said the current threat landscape has been dominated by ransomware.

“In the first half of 2016, we blocked and detected almost 80 million ransomware threats and identified 79 ransomware families, compared with just 29 in the whole of 2015,” he said.

Philipp Amann, acting head of strategy at the European Cyber Crime Centre (EC3), confirmed that ransomware along with CEO fraud or whaling are among the top cyber crime activities.

“The problem with ransomware is that there are so many ways for attackers to get in and lock up data,” he told Computer Weekly.

This attack method is also being driven by the fact that would-be cyber criminals are able to buy ransomware services to carry out attacks with little or no technical expertise.

“Ransomware attacks are easy to carry out, the rewards are high and the risks are still relatively low,” said Amann.
