A new survey shows that 66 percent of IT professionals identify ransomware as a serious threat. Yet only 13 percent say their company is prepared to handle it.
The research was conducted by The Ponemon Institute on behalf of Carbonite, a provider of cloud backup and restore solutions. Its findings are published in a report titled The Rise of Ransomware [PDF].
The survey covered those responsible for containing ransomware infections within their organizations. Respondents included IT professionals and IT managers, who primarily report to the Chief Information Officer (CIO).
The report indicates that traditional methods like AV software have failed to stop the ransomware scourge. Most respondents indicated that they don’t consider current technologies sufficient to prevent ransomware infections, leading almost half of the surveyed companies (48 percent) to pay the ransom.
Traditional tools fail to stop ransomware
Ransomware is mainly spread through web-borne attacks. When users access the web through a regular browser, infected websites can drop and activate malicious exploit kits on the local computer.
Because regular browsers fetch and process code from the web locally, including malicious code, they have become a main gateway for ransomware attacks.
Another distribution method uses “phishing” emails that contain a hidden payload to install ransomware, or a link that leads to a ransomware installer on a remote server.
The malware then blocks or encrypts the files of the victims and serves up a screen message from the attackers, demanding a ransom to unblock or unlock the data.
The Ponemon survey found that in addition to suffering “significant financial consequences” from paying the ransom, businesses that got hit by ransomware had to invest in new technologies (33 percent), lost customers (32 percent) and lost money (32 percent) due to downtime.
“Startling prevention gap”
Larry Ponemon, chairman and founder of the Ponemon Institute, said the study reveals a “startling prevention gap. Most businesses are either underprepared for an attack – or even worse – underestimate the risk ransomware places on their broader organizations.”
Carbonite’s chief evangelist Norman Guadagno added: “Now is the time to act: educate staff on simple measures you can take to avoid an attack and update your data protection measures now, before it’s too late.”
If nothing else, this new report by The Ponemon Institute should serve as a reminder of why No More Ransom will remain a pipe dream if we don’t address the underlying security weaknesses of how we access the web.
Traditional methods like AV software and malware detection tools are losing the arms race. They scan for malicious code after it has been delivered to the local environment. Given the resources available to the bad actors, they'll always stay a step ahead of these detection approaches.
Where companies and consumers still use inherently unsafe local browsers and rely on outdated defense mechanisms, the attackers' ransomware distribution tools will keep on working, and employees will unknowingly download ransomware when accessing the web.
Source: The Ponemon Institute / Carbonite: The Rise of Ransomware
Businesses should focus on how to reduce the probability of getting hit by ransomware in the first place.
A secure browser like Silo, developed by Authentic8, which renders web content remotely in a secure container in the cloud, provides insulation from all web-borne attacks when employees access the internet.
When accessing the internet with Silo, the secure virtual browser, no code from the web can reach through to the endpoint device. While Silo processes a web page in the cloud container, only a visual representation - pixels - is transmitted back to the user, via an encrypted connection.
The Ponemon report addresses an aspect of ransomware attacks that is rarely mentioned elsewhere: for many companies that suffered an attack, paying the ransom may not be the end of it. Next, they may learn that their intellectual property (IP) is offered to the highest bidder on the Dark Web.
Many IT professionals reported that data exfiltration occurred from devices – meaning unauthorized transfer of data from a computer or server.
The amount of ransom to pay may be the least important part of the equation when enterprises calculate their ransomware risk. The very real possibility of IP theft indicates that for many companies, there could be a much higher price to pay.
Resource: The Ponemon Institute / Carbonite (sponsor): The Rise of Ransomware [PDF]