, 28% of ransomware attacks targeted businesses and professional service firms over the last year. 19% of attacks targeted government and
accounting for 15% of ransomware attacks. Enterprises are particularly appealing targets for targeted attacks. While larger organizations have deeper pockets to pick from, they are more likely to have robust IT operations with recent backups to mitigate any damage and avoid paying the ransom.
Ransomware attacks are generally quite successful for criminal organizations, as victims often pay the ransom. Specifically targeted attacks may result in increasingly higher ransom demands, as attackers become more brazen in their attempts to extort money from victims.
While the first rudimentary ransomware attack
dates back to 1989, the first widespread encrypting ransomware attack was CryptoLocker, which was deployed in September 2013. Originally, victims of CryptoLocker were held to a strict deadline to recover their files, though the authors later created a
web service that can decrypt systems for which the deadline has passed at the hefty price of 10 BTC (as of June 17, 2017, the USD equivalent of 10 Bitcoin, or BTC, is approximately $25,339).
While the original CryptoLocker authors are thought to have made about $3 million USD, imitators using the CryptoLocker name have appeared with increasing frequency. The FBI's Internet Crime Complaint Center estimates that between April 2014 and June 2015, victims of ransomware paid over $18 million USD to restore access to their devices.
The WannaCry attack, which started on May 12, 2017, was stopped three days later when a security researcher identified and registered a domain name used for command and control of the payload. The National Cyber Security Centre, a division of GCHQ, identified North Korea as the origin of the WannaCry attack.
How do I protect myself from a ransomware attack?
Ransomware is often spread in file-sharing networks or on websites that purport to provide direct downloads. Other traditional attack vectors have also been used, such as email attachments or malicious links. There are ways to protect against a potential infection. For enterprise workstation deployments, using Group Policy to prevent executing unknown programs is an effective security measure for ransomware and other types of malware.
Ensuring that all devices on your network receive regular and prompt security patches is the biggest defense against any hacking attempt, including ransomware. Additionally, a sane device lifecycle is also important for network security—outdated systems running unsupported operating systems such as Windows XP have no place on an internet-connected network. Despite this, due to the severity of WannaCry,
Microsoft released a patch for Windows XP.
Source: TechRepublic - James Sanders