A new generation of innovative companies is developing tools to proactively diagnose ransomware attacks before the ransom demand occurs. When Hollywood Presbyterian Medical Hospital was hacked a few months ago, critical files were encrypted, and a demand for payment was made by the criminals holding the data hostage. After weeks of operating without critical systems, and an estimated $1M of lost revenue, not to mention the potential for patient endangerment, Hollywood Presbyterian paid $17,000 to ransom its data and restore its systems.
With ransomware cyber criminals increasingly targeting companies with high levels of critical data and relatively unsophisticated levels of data protection, the Institute for Critical Infrastructure Technology recently issued a report in which they stated that “Ransomware, the weaponization of encryption, has struck fear and confusion into the hearts of PC users and critical infrastructure communities alike… Ransomware extortionists will wreak havoc on corporate IT infrastructures in 2016 like never before.”
Security vendors are scrambling to enhance their anti-malware products, and numerous products to “vaccinate” against ransomware have been announced, as well as products to block or remove it.
But will these methods work?
Although there are many ways that companies can get infected, in many recent ransomware attacks the initial entry point into the target institution is through its most vulnerable asset – employees.
And here lies the problem with these types of approaches to eradicating ransomware: even the most sophisticated users – and perhaps especially the most sophisticated users – are vulnerable.
A simple example: a hacker decides to target professors at a university. They obtain the names of the professors from the university’s web site and then troll for the names of editors of distinguished publications to which professors are likely to have submitted papers. They then send a message to each of the professors with a hacked PDF file containing ransomware, with a title indicating it contains feedback on the professor’s paper submitted to the prestigious publication. In a large population of professors, some number will likely have submitted such a paper, and will likely click on the document.
All it takes is one, and the ransomware has now penetrated the university’s systems.