Although some rogue reports have indicated that ransomware is no longer the threat it used to be, a recent report from Malwarebytes indicates that businesses have seen a 195% increase in ransomware attacks. When false reports minimize the extensive ransomware attacks seen in the wild, uninformed businesses could lower their guard and reduce the detection of ransomware. Ransomware is one of the worst malware threats seen in the wild, costing organizations millions in data loss and disaster recovery efforts.
In recent months, attackers seem to have a strong focus on government entities. Baltimore, Georgia courts and (most recently) Lake City, FL have been victims of ransomware attacks. The recent Lake City, FL attack cost the city $460,000 in bitcoin payments. At the time, $460,000 equated to 42 bitcoins. The ransom was paid mostly by insurance, but taxpayers will pay the $10,000 deductible.
The state of Georgia has suffered two attacks on government entities: one on the city of Atlanta and one on the court system. Jackson County court district paid attackers $400,000 in ransomware fees to recover encrypted files.
These attacks are just a sample of the latest ransomware attacks, and reports show that the popularity of these types of attack continues to grow. Some underground sites offer ways for users unfamiliar with ransomware coding to “rent” attack tools. This Malware-as-a-Service (MaaS) increases the number of potential attackers as even people with no coding and malware skills can launch an attack.
Exaggerated reports claiming that ransomware is no longer a serious threat endanger organizations that do not know how to contain and avoid this malware. Ransomware is one of the most destructive types of attacks, so organizations should have the right tools and security configurations in place that specifically defend against ransomware.
The threat of ransomware increases the risk for any organization that allows users to receive email or access the Internet. Ransomware attackers sometimes add social engineering to the game, convincing employees to download malicious scripts or tricking them into divulging their user credentials. With social engineering attacks, user training plays a huge role in cybersecurity defense, but for employees who cannot identify a social engineering attack, organizations can rely on additional anti-malware tools.
There are a few ways organizations can stop attacks. Attackers install ransomware mainly using phishing emails and messages that contain malicious attachments. For instance, an attachment might contain a macro that downloads additional content to the user’s local machine. This additional content could be ransomware executables along with other malware that gives an attacker remote access to the local device.
The first line of defense is email protection. Email messages created by attackers sometimes have a recognizable spoofed email sender address, and some phishing attacks use graphics and wording that make the message look like it is from an official source. Recipients who are not trained to look for phishing messages (or who forget to check accuracy) click links in a phishing email that take them to an attacker-controlled server. DMARC (Domain-based Message Authentication, Reporting and Conformance) is a security framework that detects and stops these attacks.
DMARC is a set of cybersecurity configurations that use a combination of digital signatures (DKIM) and DNS verification using Sender Policy Framework (SPF). DomainKeys Identified Mail (DKIM) uses public-private key cryptography to add a signature to the header of an email. The owner of a domain adds a verification key as a DNS entry and SPF protocols at the recipient email server perform a lookup for this verification entry. Only valid IPs can then send an email on behalf of the sender’s domain. SPF eliminates an attacker’s ability to send spoofed email messages.
DMARC works in conjunction with email filters and DNS-based content filters so that users are unable to access attacker-controlled websites. With DMARC, the messages should not be able to reach the user’s inbox. Messages blocked by DMARC rules are quarantined, where the email administrator can review them for any false positives. Should a message return a false negative, the malicious content would reach the user’s inbox. DNS-based content filtering would then trigger and block the user from accessing the website where an attacker phishes for user credentials.
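The receiving-side decision described above, as an added example that is not part of the original article or any vendor's code: it looks up a domain's SPF and DMARC records, checks the sending IP, and returns the DMARC disposition. The example.com records, the function names and the "deliver" label are assumptions made for illustration; SPF handling is reduced to ip4/ip6/all, and the DKIM signature result is passed in rather than verified.

```python
import ipaddress

# Constructed TXT records for the placeholder domain example.com (not from the article).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all",
    "_dmarc.example.com": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_dmarc(record):
    """Split a DMARC TXT record into a tag -> value dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def spf_check(record, sender_ip):
    """Evaluate ip4/ip6 and 'all' mechanisms only (include, a, mx are skipped)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        result = QUALIFIERS.get(term[0], "pass")  # no qualifier means "+"
        mech = term.lstrip("+-~?").lower()
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return result
        elif mech == "all":
            return result
    return "neutral"

def aligned(auth_domain, from_domain, mode):
    """Strict: exact match. Relaxed is approximated as 'same domain or a subdomain';
    real verifiers compare organizational domains via the Public Suffix List."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f or (mode == "r" and a.endswith("." + f))

def dmarc_disposition(from_domain, sender_ip, mail_from, dkim_domain=None, dkim_valid=False):
    """dkim_valid is the caller's DKIM signature result; no crypto is done here."""
    policy = parse_dmarc(DNS_TXT["_dmarc." + from_domain])
    spf = spf_check(DNS_TXT.get(mail_from, ""), sender_ip)
    spf_ok = spf == "pass" and aligned(mail_from, from_domain, policy.get("aspf", "r"))
    dkim_ok = bool(dkim_valid and dkim_domain) and aligned(
        dkim_domain, from_domain, policy.get("adkim", "r"))
    return "deliver" if spf_ok or dkim_ok else policy.get("p", "none")
```

A message passes when either SPF or DKIM succeeds for a domain aligned with the visible From address; otherwise the domain owner's published policy (here quarantine) applies.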
Without the right cybersecurity tools in place, organizations are vulnerable to ransomware. This malware could cost an enterprise millions in disaster recovery and ransom fees if they’re paid. Encrypted data cannot be decrypted without the private key, so there is no “fix” for a ransomware attack. The only way to avoid them is to have the right email security using DMARC and content filtering.
One wrong click and you could be faced with some difficult decisions and large bills. Instead, prevent these emails from ever reaching your user's inbox. SpamTitan checks every URL in an email against known blacklists - with 100% active web coverage. Protect your users from email links to malicious sites with SpamTitan. SpamTitan's sandboxing feature protects against breaches and sophisticated email attacks by providing a powerful environment to run in-depth, sophisticated analysis of unknown or suspicious programs and files.
To find out more about some of the key protections that you can put in place to improve your resilience against ransomware attacks, contact the TitanHQ team today.