[metaslider id=2951] … Read More
Eighty-six percent Small to Medium Business (SMB) clients were recently victimized by ransomware and 21 percent report six or more SMB attacks in the first half of 2017 alone, according to Datto’s State of the Channel Ransomware Report.
Key findings from the ransomware report include:
- An estimated five percent of global SMBs fell victim to a ransomware attack from 2016 to 2017. According to 97 percent of managed service providers (MSPs), ransomware attacks are more frequent in 2017.
- According to 99 percent of MSPs, the frequency of SMB targeted attacks will continue to increase over the next two years.
- Less than one in three ransomware attacks are reported by SMB victims to the authorities, a marked improvement from one in four incidents reported in 2016. Additionally, 35 percent report SMBs paid the ransom, down from 41 percent in 2016. The total cost of ransom paid to ransomware hackers in 2017 is $301M. Of those victims that pay up, 15 percent still never recover the data.
- As a result of a ransomware attack, 75 percent of MSPs report clients experienced business-threatening downtime. Nearly 30 percent of MSPs report a ransomware virus remained on an SMB’s system after the first attack and struck again at a later time. One in three MSPs report ransomware encrypted an SMB’s backup, making recovery even more complex.
- Nearly 85 percent of MSPs who’ve dealt with ransomware report seeing CryptoLocker. Additional common variants include CryptoWall, Locky and WannaCry, which is a new addition to the list.
- Among those industry verticals who are targeted most by ransomware attacks are Construction, Manufacturing and Professional Services. SaaS applications continue to be a growing target for ransomware attacks with Dropbox, Office 365 and G Suite most at risk. Mobile and tablet attacks are also on the rise.
- While 90 percent of MSP respondents cited they are “highly concerned” about the business threat of ransomware, only 38 percent of SMB clients felt the same. This could be due to the lack of mandatory cybersecurity training across SMBs, which MSPs cite as the leading cause of ransomware infections.
Contact us to discuss protection against ransomware.
Bad actors are looking to hit financial and banking firms in Canada with geo-specific campaigns touting malware like Emotet, GandCrab and Ursnif.
Banking and financial services in Canada are being targeted in geo-specific attacks looking to spread varying forms of malware, according to researchers tracking thousands of malicious email campaigns between January 2019 to May 2019.
In particular, campaigns are typically launched by financially-motivated cybercriminals, but can also be orchestrated by national, state-sponsored threat actors (such as Advanced Persistent Threat or APT groups), said researchers with Proofpoint.
“In 2019, threats specific to Canadian interests, whether abusing Canadian brands, or affecting Canadian organizations through specific geo-targeting mean that defenders at Canadian companies must be cognizant of threats far more targeted than ‘North America,’” researchers said.
When it comes to falling victim to a ransomware attack, it’s not a case of ‘if’ but ‘when’.
Ransomware has been growing in awareness for years, and its potential harm and disruption has been widely discussed across the board. However, last year, awareness peaked as ransomware caused havoc for organisations, as threats like WannaCry and NotPetya found them to be defenceless and vulnerable. In spite of attacks happening again and again, many organisations are still not able to effectively defend against them.
Recent research from Sophos, which looked at The State of Endpoint Security Today, revealed the extent to which organisation are unprepared for ransomware attacks. Findings revealed that the defence readiness and end-point security from organisations needs a lot of work – over half of organisations (54%) were hit by ransomware in the past year, and the average cost of an attack was $133,000.
When it comes to IT security, the usual consensus is that once an organisation encounters a specific threat, they learn from it, shore up their defences, and are then better prepared for the next attack. However, the research revealed that with ransomware, this approach doesn’t work as respondents said they were hit by ransomware multiple times, and expect that they’ll fall victim to it again in the future.
With ransomware, it is clear that no organisation can afford to be complacent. Cybercriminals are deploying a variety of different attack methods until they’re successful, whether using a mix of ransomware in a single campaign or taking advantage of a remote access opportunity, then infecting the server and disabling security software. With attacks only becoming more frequent and complex, it is time for organisations to prepare and protect, and avoid falling victim to the next attack.
Don’t be fooled – Ransomware needs to be treated differently
After a ransomware attack, we usually find ourselves pointing the finger at the breached organisation – were there defenses in place? Were systems up to date? Were patches in place? However, once again this is not always the case when it comes to ransomware, as over three quarters of respondents said that they were running up-to-date software when ransomware hit.
Therefore, it is clear that traditional endpoint protection alone cannot and does not stop the latest in ransomware attacks.
Given the ingenuity, frequency and financial impact of attacks, all businesses should re-evaluate their security to include predictive security technology that has the capabilities needed to combat ransomware and other costly cyber threats.
Knowledge is key
Seeing as not all anti-ransomware technology offers equally effective protection against attacks, many organisations may find themselves investing in technologies which offer little protection when the attacks occur. And it seems the knowledge gap widens from here, as the research revealed that less than one in three respondents were able to correctly define what anti-ransomware and anti-exploit technologies do.
With this many professionals having this level of understanding, a significant number of organisations may believe that they are adequately protected against the ransomware threat, but are not. Therefore, it’s important that organisations do their research and ensure that they have the right level of protection in place.
The key to being protected against ransomware can be found by changing from a traditional security methodology which can only stop previously seen before threats to a predictive one.
Over the years, traditional approaches to security (i.e. anti-virus that use signatures) have focused on improving the time to stopping a threat by increasing the update increments. Traditional security methods are very accurate and can spot and block seen before malicious software within as little as an hour after the first report. Since we’re now seeing as much as 400,000 different malicious files a day it’s very difficult to keep up with the ever changing threat landscape using this traditional technology. Machine learning now plays a crucial part in tackling this issue by predicting what a malicious file looks like.
Machine learning ‘learns’ using mathematical models instead of being specifically programmed to address a particular problem. Deep learning is the latest evolution of machine learning. In the context of stopping malware, a deep learning engine is trained on hundreds of millions of previously seen before malicious and non-malicious files. Using the features of these files, it then looks for correlations and similarities in the malicious vs non-malicious files. By doing this grouping of similarities the deep learning engine is then able to accurately sort files into two buckets, malicious and not malicious with the anti-virus left to quarantine accordingly. By using deep learning, you’re not just stopping a previously seen bad file, you’re stopping ones which have never been seen before as well.
Although 60 percent of respondents admitted their endpoint defenses are not enough to block the huge ransomware attacks we saw last year, only 25 percent have predictive threat technologies such as machine learning or deep learning, which leaves 75 percent vulnerable to repeated ransomware attacks.
Given the speed at which cyber threats have evolved it is not surprising that many IT departments are unable to stay ahead of the next-generation technology required for security. Yet this knowledge gap could be placing operations at risk. Organisations need effective anti-ransomware, anti-exploit, and deep learning technology to stay secure.
You’re not alone
To many organisations, the urgency and complexity of protecting against ransomware and cyber attacks in general may seem daunting. In fact, 87 percent of respondents said that the malware threat had grown more complex in the last year. In order to effectively stop ransomware in its tracks, traditional endpoint security isn’t enough.
Organisations need the strongest defense against these persistent threats, and so need to explore, learn, and adopt anti-exploit and anti-ransomware technologies in order to be fully prepared against future attacks – it’s not a case of ‘if’, but ‘when’.
The ransomware strain that crippled several cities and school districts in the U.S. earlier this year is back with more tricks up its sleeve to avoid detection.
If you haven’t heard of SamSam, you haven’t been paying attention. Just one example of the kind of destruction they can cause is the recent attack on the Colorado Department of Transportation which caused downtime for 2,000+ systems.
This new SamSam strain adds a human element to its already devious mix of evasive techniques to keep antivirus, endpoint, and even more advanced security software from detecting it.
SamSam avoids being discovered using sophisticated methods of constructing its payload and how it executes. In a recent blog, endpoint protection company Malwarebytes provides a detailed technical explanation of how this new variant of SamSam works.
Your Executive Summary
Your executive summary is this SamSam strain avoids detection using three advanced techniques:
- It decrypts the payload only at run-time, making it nearly impossible to identify and analyze.
- The loader, payload, and logs are wiped, leaving very few traces behind for any forensics or scanning tools.
- It requires a password to be entered by the threat actor to run in the first place.
It’s that last part of the attack that makes this latest strain so dangerous. Unlike most ransomware strains which are designed to spread automatically, this new strain of SamSam is designed for targeted attacks.
By requiring a password, the payload remains encrypted (and, therefore, an absolute secret), only woken up when and where the bad guys choose to unleash it in your network, all at the same moment to create the biggest impact and damage.
Do You Want The Good News Or The Bad News?
The good news is that, should users accidentally download this strain of ransomware, or your network is compromised via an RDP brute-force attack, the payload is harmless without the password to run it. The bad news is, should the SamSam gang decide that your organization is next up to be extorted, all your users will be sitting on their hands for possibly weeks if your backups fail.
The almost total pervasiveness of phishing scams and other email-based attacks can be seen in a recent survey that found almost 90 percent of the cybersecurity executives saying their company was hit with an attempted or successful email-based cyberattack in the last year.
The Barracuda survey found employers are experiencing more email attacks with 81 percent seeing an increase in the last year, and 25 percent of those describing the increase as being dramatic. This is leading to the cost of mitigating costs with 81 percent seeing a jump in cost with 22 percent describing the price rising dramatically.
The price that must be paid in the wake of an attack is not just monetary. Sixty-seven percent of those surveyed said an email incident forced their IT team to divert needed resources from other priorities to deal with an attack; employee productivity was interrupted said 61 percent and 10 percent reported that their firm’s reputation took a hit.
Having sensitive corporate information stolen was judged to be the most costly kind of attack, followed by ransomware and business email compromise. When it came to recovering from a ransomware attack 12 percent of the companies decided their only option was to pay the ransom with the remaining 88 percent declining to do so. Interestingly, enterprise-size businesses were more likely to pay compared to small and medium-size operations.
“Based on how pervasive ransomware attacks have become, along with the accompanying media coverage, it’s somewhat surprising to see such a small percentage of companies paying. Perhaps it’s actually a glimmer of hope: maybe organizations had comprehensive backup solutions in place and were able to rapidly recover critical data without paying,” the report stated.
Thirty-five percent of the surveyed executives said their firm had been hit with a ransomware attack in the last year with 75 percent of those individual saying the malware was delivered via email, 32 percent from the web and 23 percent through network traffic.