[BreachExchange] Could complacency be setting in when it comes to ransomware?

Destry Winant destry at riskbasedsecurity.com
Fri Jul 27 00:56:55 EDT 2018


http://www.itsecurityguru.org/2018/07/25/complacency-setting-comes-ransomware/

Ransomware may be a headline favourite, but the attack itself is
nothing new. In fact, it’s been around in some form or another for
decades. Since last year’s high profile global campaigns such as
WannaCry and NotPetya you’d be hard pressed to find anyone who isn’t
aware of the threat posed.

But are the headlines representative? Do IT teams really feel the
threat day-to-day? Is there a danger that our focus on ransomware
could lead us to take our eye off the ball elsewhere?

We wanted to revisit the survey we first carried out last year to find
out more about ransomware’s impact, so we conducted a survey of around
630 organisations globally, of which 145 came from EMEA.

What’s top of the agenda for EMEA companies?

There’s no evidence that the threat has diminished, yet the number of
businesses saying that ransomware is a concern for them and their
organisation has decreased slightly, from 91% in 2017 to 84% this
year. That’s still an overwhelming majority, yet when viewed alongside
the fall in the number of businesses that had been a victim – 30% this
year as opposed to 48% when we conducted the same survey last year –
perhaps this suggests that businesses are better equipped?

Maybe that’s why, once they do fall victim, businesses are seemingly
more inclined to pay the ransom? Of those that were hit by ransomware,
19% claimed to have paid the ransom. Given that only 3% admitted to
paying in 2017, perhaps greater awareness of the issue has also led to
greater awareness of the potential consequences of not reaching a
swift resolution.

Not paying ransoms is the tactic most recommended by law enforcers and
experts: if enough organisations refuse to pay, ransomware will no
longer be a lucrative business for cyber criminals. Is the fact that
more ransoms are being paid a huge cause for alarm? Maybe not, but we
would urge businesses, regardless of how confident they are that
they’ve got the right protection in place, to carry out regular
backups so that they have another copy of any information and/or
systems that come under attack.

An avoidable expense

When asked what type of email security breach is likely to be the most
expensive, 32% of EMEA businesses singled out ransomware as the most
expensive threat to deal with, due to the cost of a direct payment to
regain access to your own systems and information.

So how are these attacks gaining access to the network? It comes as no
surprise to us that nearly three quarters (74%) of attacks entered via
email, with web traffic (18%) and network traffic (18%) trailing far
behind. This is an increase on 2017, where email was identified as the
cause in 70% of cases.

This reiterates the importance of having a comprehensive plan to
defend against phishing attacks. Phishing and social engineering
tactics are specially designed to trick employees into clicking on
links and opening malicious attachments in emails spoofed to appear as
if sent from a reputable source. Ultimately, until organisations get
better at educating their users, this tactic will continue to pay
dividends for the black hats.

Back it up

But what’s the answer? By backing up regularly, and adhering to the
3-2-1 backup rule, it is possible to significantly limit ransomware’s
impact on an organisation and ensure that affected businesses are not
forced into paying for a decryption key which may never be sent.

The 3-2-1 backup rule means:

- Make three copies of all of your data
- Store those copies in two different environments (cloud, on-premises, etc.)
- Keep one backup copy offsite so it can be kept safe from any
environmental issues
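
One way to check a backup inventory against the rule above, as an added example that is not part of the original article. The record fields, the sample inventory and the seven-day freshness window standing in for "regularly" are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample inventory: one record per stored copy of a dataset.
# Field names are hypothetical, not taken from any backup product.
INVENTORY = [
    {"dataset": "finance-db", "environment": "on-premises", "offsite": False, "taken": "2018-07-26T02:00"},
    {"dataset": "finance-db", "environment": "on-premises", "offsite": False, "taken": "2018-07-26T02:00"},
    {"dataset": "finance-db", "environment": "cloud", "offsite": True, "taken": "2018-07-25T02:00"},
    {"dataset": "file-share", "environment": "on-premises", "offsite": False, "taken": "2018-07-26T02:00"},
    {"dataset": "file-share", "environment": "on-premises", "offsite": False, "taken": "2018-06-01T02:00"},
    {"dataset": "file-share", "environment": "on-premises", "offsite": False, "taken": "2018-05-01T02:00"},
]

def audit_321(inventory, now, max_age=timedelta(days=7)):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    by_dataset = defaultdict(list)
    for rec in inventory:
        by_dataset[rec["dataset"]].append(rec)
    report = {}
    for name, copies in sorted(by_dataset.items()):
        # Only recent copies count: a stale copy restores stale data.
        # max_age is an assumed threshold; the article only says "regularly".
        fresh = [c for c in copies
                 if now - datetime.fromisoformat(c["taken"]) <= max_age]
        findings = []
        if len(fresh) < 3:
            findings.append(f"{len(fresh)} fresh copies, need 3")
        if len({c["environment"] for c in fresh}) < 2:
            findings.append("copies are not spread over 2 environments")
        if not any(c["offsite"] for c in fresh):
            findings.append("no offsite copy")
        report[name] = findings
    return report

if __name__ == "__main__":
    for ds, findings in audit_321(INVENTORY, datetime(2018, 7, 27)).items():
        print(ds, "OK" if not findings else "; ".join(findings))
```
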

