An overwhelming surge in ransomware extortion attacks has sparked a joint statement from the US Department of Homeland Security and the Canadian Cyber Incident Response Centre.
"Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist," the two governments said in the alert. "Paying the ransom does not guarantee the encrypted files will be released. It only guarantees that the malicious actors receive the victim's money, and in some cases, their banking information."
The victims are of late often in the healthcare sector. For instance, MedStar, the U.S. capital region's largest healthcare provider with 10 hospitals and more than 200 outpatient offices, shut down much of its computer network this week. Hackers had used ransomware to encrypt data on some computers and then demanded a ransom of $18,500.
Part of the reason for the outbreak is simple economics—the barriers to entry for carrying out the attacks have been lowered.
"The recent increase in ransomware attacks is being driven by a proliferation in ransomware toolkits,” said John Gunn, VP of communications at VASCO Data Security, in an email. “Anyone can buy the tools to conduct ransomware attacks for as little as $100 on the dark web. It’s a numbers game—more attackers equals more victims.”
Brian Laing, VP of products and development at Lastline, told us in an email that one of the biggest reasons why companies are unprepared is that they simply do not understand the impact.
“Getting hit with ransomware is not as simple as dealing with machines being down for some length of time, because they'll be restored ultimately,” he explained. “Nor is it as simple as this years' product designs or other company and patient or customer data being leaked. If an organization does not have backups of the files, they are down completely.”
The most effective defense against ransomware attacks still depends on human intelligence, said Gunn: “People have to stop clicking on links in malicious emails—they didn’t just win the lottery, they don’t have a huge refund coming, and a beautiful foreign lady does not want to date them."
Csaba Krazsnay, product manager, Balabit, added that industry participants from all sides need to wake up.
“This alert from the US and Canadian governments rings the bell,” he told Infosecurity. “Cybercriminals have found a new set of targets with a well-known attack, and neither the victims nor the authorities are well enough prepared.”
Photo © Amy Walters