Ransomware is a serious threat to institutions of all kinds, resulting in mounting costs for organizations that must literally pay ransom to regain access to their essential systems.
A ransomware attack takes place when a cybercriminal denies an organization access to the data it needs to conduct business, usually by encrypting the data with a secret key. The attacker then offers to reveal the encryption key in exchange for a payment.
The payment can vary in amount or kind. But an attack frequently leads to business interruptions that can cost far more than the ransom demanded, while undercutting productivity, corrupting IT systems and files, and damaging an organization's hard-earned reputation. In some cases, it can put lives at risk.
Ransomware has come a long way since the first reported example. Commonly known as the AIDS trojan, the attack was carried out through the distribution of infected floppy disks in the 80s. Today, ransomware is distributed over networks, by email, messages, and websites, as well as by USB and other devices.
The increasing risk has led Splunk to release "Ransomware 101," an introductory guide to ransomware, as well as a more detailed security briefing on how to defeat it. Splunk will also be participating in a webinar, hosted by Government Technology, on April 28th at 1pm ET: “Cybersecurity in an Uncertain World: New Ways to Confront New Ransomware Threats.” In this webinar, we will discuss the challenges in getting ahead of growing cybersecurity threats.
Ransomware infections have exploited the increased interconnectivity of devices with the growth of the Internet. As criminals discovered the potential for profit, ransomware quickly gained in scope and sophistication, and continues to develop today. A ransomware attack generally begins with an email, a remote download, or free software that looks legitimate, but exploits a flaw, weakness, or misconfiguration to give the criminal control over a networked IT system.
Splunk’s e-book, "Ransomware, Malware and Cyberthreats," traces the evolution of the technique and presents basic steps that every organization or institution should take to protect itself before the next ransomware attack occurs.
The first response to the rising threat of ransomware is to make your system resistant to attack, or as resilient as possible. With perpetrators becoming ever more sophisticated, using email or deepfakes (spoofed audio or video that looks and sounds real), preparation is the best defense.
Splunk’s "Ransomware 101" guide reviews some of the latest types of ransomware, and how they’re distributed. Email is the most common vector, but it isn’t the only way ransomware can be distributed. The guide notes that ransomware is now marketed openly on the “Dark Web,” with more than 230,000 new sites and 350,000 new programs emerging each day.
Some providers are even offering ransomware-as-a-service (RaaS) for aspiring criminals without the time or expertise to develop their own tools.
The guide also discusses how criminals increasingly target government agencies, municipalities, schools, hospitals and healthcare providers. Some of them attack institutions directly. Others look for entry points through managed service providers or other partners.
Ransomware attacks can leave institutions between a rock and a hard place. Refusing to pay the ransom may cost significantly more, as systems have to be rebuilt, outside contractors may be required, and data may be lost. In some cases, such as a hospital where data is critical and time-sensitive, refusing to pay can put lives at risk. On the other hand, paying the ransom rewards the criminals, funds other criminal activity, possibly including terrorism, and labels the institution as a target for future attacks.
There is no easy answer. "Ransomware 101" lists some recent attacks on U.S. cities, and includes estimated costs of $50,000 to $5.3 million per incident. Some companies rely on insurance providers to cover the majority of the cost, but that still funds criminal activity, and ultimately penalizes the customers.
Overall, purveyors of ransomware, malware, and cyberthreats are getting bolder, stealthier, and more organized. They’re getting better at what they do, and their impact is growing. Organizations need to get better too. IT providers need to offer more reliable solutions. That means having the right software, policies, and practices (“People, Process, and Technology”) to anticipate and prevent attacks, or to manage and minimize impacts if a perpetrator slips through the net.
Splunk’s ransomware security briefing, "Detecting Unknown Malware and Ransomware," is a guide for managing the ransomware threat. After you attend the April 28th webinar, this document will give you tools and information to start implementing a solution.
By enabling the organization to approach the data analytically, Splunk helps users rapidly identify abnormalities in system activity. This technique lets organizations assess the security of an endpoint, a network, or a service, and rapidly respond when abnormal behavior is detected.
How much is your cybersecurity worth to your organization? Register today for our April 28th webinar, "Cybersecurity in an Uncertain World: New Ways to Confront New Ransomware Threats."
----------------------------------------------------
Thanks!
Lee Imrey