CIOReview | December 2016

well. Backups can take the sting out of a ransomware attack, since you've made copies of everything - including what's been encrypted in an attack. And as a last resort in the worst case scenario - you're attacked and you've no good security solution and no backups - many security vendors provide decryptor services, and they're definitely worth trying out.

There are several worrying trends with the use of such malware. First, there's a growing risk of ransomware attacks on physical devices. In the future we might see ransomware attacks on smart TVs, connected cars, etc. This is one of the reasons why hospitals are so vulnerable: they're using physical equipment such as medical scanners operated by computers often run on outdated, vulnerable operating systems. They're connected to the hospital network, which has an Internet connection. All that combined is a recipe for a cybersecurity disaster. I even know of a research project in which security experts developed ransomware (of the blocker variety) for a smart thermostat. Can you imagine a situation where, with sub-zero temperatures outside, your smart home gets its heating turned off remotely and can't be turned back on? You might forgive the (shivering) smart-home owner for wanting to pay the ransom as soon as possible.

There are also fears that criminals who are running advanced targeted attacks (aka APTs - advanced persistent threats) can adopt ransomware techniques to encrypt the 'crown jewels' of their high-profile victims. Such attacks are possible. And it can become a very serious headache for large global companies. Fortunately so far there aren't that many criminals who can stage APT-class attacks. But they're learning fast, and advanced ransomware attacks have the potential to cause great damage. There have been several cases in which security companies joined forces with law enforcement to take down ransomware gangs.
Private-sector security researchers analyze malware code and extract the information on the command-and-control servers used to run the scams. After that the police can physically seize these servers and access all the data on them - including the encryption keys to make the decryption relatively easy.

Unfortunately we're far from taking down all such gangs. What we need to do is to continuously disrupt their criminal business model so that it fails to provide adequate return on investment. So far, unfortunately, it's been a very profitable business and the entry barriers are not high. We need to make them high - so very high they make potential criminals think twice before getting involved in these scams.

Together with law enforcement, we need to not only disrupt ransomware scams but to arrest the criminals behind them, put them on trial, and sentence them to prison. The big obstacle to that is that ransomware operators typically run cross-border operations, which often makes catching and prosecuting them complicated due to the inefficiencies of international cooperation. Meanwhile, computer users need to take this threat seriously and be protected. Software updates, backups, not following suspicious links and not opening dubious attachments - all these recommendations are relevant for all computer users today. The prominence of ransomware will probably continue to increase the more smart devices we use. So my recommendation to everyone is to get protected and stay protected. Make it (too) hard for the crooks to make you a victim. It's also always a good idea to have a fresh backup - preferably offline, since some malware of this kind tries to encrypt any backups it can find as well