The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Ransomware - the Protection Racket

16 May 2017 | Updated 01 January 1970
 

ThisWeekinFM has been making a racket about Cyber Security because vulnerabilities are exploited at a personnel and personal level - where FM's should have some jurisdiction. We now answer the question, what is ransomware and how do you protect against it.

What would it mean if you lost all of your personal documents, such as your family photos, research or business records? How much would you pay to get them back? There’s a burgeoning form of cybercrime that hinges on the answers to these questions at a personal level - and of course at a business level...as the NHS and thousands of firms around the globe have just found out.

You have probably heard of viruses and malware. These dangerous pieces of software can make their way into your computer and wreak havoc. Malware authors are intent on stealing your data and disrupting the proper functioning of your digital devices.

 

Money or your life

Then there is ransomware. This is crafted by cyber-criminals for extorting data from innocent users and has now become the biggest threat to individuals, small business and corporate users alike.

Unlike malware, ransomware does not steal data. Rather, it holds it captive by encrypting files and then displaying a ransom note on the victim’s screen. It demands payment for the cyber-extortion and threatens obliteration of data otherwise.

While the concept of ransomware has existed for more than 20 years, it wasn’t until 2012 that several key technological advances aligned and allowed it to flourish.

Now ransomware has evolved. It combines file encryption, it uses 'dark' networks to conceal the attacker and uses (or rather, misuses) cryptocurrencies, such as Bitcoin, to prevent law enforcement from tracing the ransom payment back to the attacker’s den.

 

ROI

For a small upfront cost and with low risk of getting caught, ransomware developers can net good returns: industry estimates range from 1,000% to 2,000% return on investment.

 

What’s driving ransomware proliferation?

Paying small ransom amounts is quite simply adding to the problem. If you don’t, you lose your data; if you do pay, then you contribute to a worsening problem.

Yet for ransomware creators, it’s a lucrative business. Industry figures vary greatly but reports suggest that developers can earn more than US$1 million per year, which is enough to attract skilled programmers and engineers.

 

Paying-up

The recent global attack has been diffused but there have been many reports of businesses paying ransoms. Even the authorities aren’t safe, with several police departments in the US having paid ransoms in order to recover files. And we’ve even seen reports that FBI experts have advised victims to 'just pay the ransom' if they need their data.

 

Phases of a ransomware attack

The biggest concern with ransomware is the rate at which it is adapting to combat security protections. We recently examined the evolution of ransomware and found that ransomware developers are learning from their mistakes in previous versions. Each generation includes new features, and improved attack strategies.

We also found that over 80% of recent ransomware strains were using advanced security features that made them difficult to detect and almost impossible to crack. Things don’t look good for end-users; ransomware is increasingly using advanced encryption, networking, evasion and payment technologies. The developers are also making fewer mistakes and writing more cunning software.

It’s not a stretch to imagine a ransomware developer currently working on ways to attack corporate databases or versions that lay low while they identify all of your backup disks.

 

How to protect yourself

Recovering files from ransomware is impossible without the attacker’s approval, so you need to avoid data loss in the first place. The best thing you can do is practice good digital hygiene:

  • Don’t fall prey to social engineering or phishing, which is where an attacker attempts to have the employees in your organisation reveal sensitive information to them. Warn staff that if they receive a suspicious email from their grandma or work colleagues, ask whether it’s unusual before opening. If unsure, contact the sender via a different medium, such as giving them a phone call, to cross-check.
  • Stop staff from installing plugins or extensions unless they know they’re from a reputable source - or have been approved by the company. Ban USB sticks and the like until they've been scanned by IT on a completely independent device.
  • Update software regularly to ensure latest versions are running - not so easy for the NHS which is still using Windows XP because it can't afford to upgrade its proprietary software to run on protected systems.
  • Backup. Important documents need to be treated like valued possessions. Having multiple copies means the adversarial effort on holding you for ransom is pretty much worthless.

Ransomware is a very real threat. Its rapid growth is being driven by the low risk to attackers and good financial returns. We all need to stay ahead of the game.

 

About the Authors

Zubair Baig - Senior Lecturer of Cyber-Security, Edith Cowan University, Western Australia

Nikolai Hampton - Master of Cyber Security Candidate, Edith Cowan University, Western Australia

The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article and have disclosed no relevant affiliations beyond the academic appointment above.

Partners

Edith Cowan University

Edith Cowan University provides funding as a member of The Conversation AU.

The Conversation UK receives funding from Hefce, Hefcw, SAGE, SFC, RCUK, The Nuffield Foundation, The Ogden Trust, The Royal Society, Wellcome, Esmée Fairbairn Foundation and The Alliance for Useful Evidence, as well as sixty five university members.

Picture: Phases of ransomware attack

Article written by Zubair Baig, Nikolai Hampton | Published 16 May 2017

Share



Related Articles

What Can The FM Sector Learn From The ISS Malware Attack?

After breaking the news of the ISS World malware crisis, ThisWeekinFM speaks to the industry experts, to identify how FM companies can better manage cybercrime...

 Read Full Article
More Global FM Firms Hit By Cyber Attacks

EMCOR Group and Bouyges are the latest FM companies targeted by malicious software attacks.  The website of EMCOR Group, the global providers of facility...

 Read Full Article
Hackers' Paradise - Easy Access...And Ransoms Paid

One report says on average, one third of business decision makers would pay hackers' ransom demands; while another - DNS Threat Report -  shows European...

 Read Full Article
NHS Contract Awarded to Health Secretary’s Firm

It has been revealed that Health Secretary Matt Hancock and his sibling own shares in document management company Topwood, that has been granted business...

 Read Full Article
NHS Deep Cleaning Service Supports Sue Ryder Hospices

The new NHS Deep Cleaning and Advisory Service is enforcing a new national standard for domestic cleaning. Sue Ryder is amongst the first healthcare providers in...

 Read Full Article
Public Health to be Transformed With Formation of Two New Bodies

The Health Estates and Facilities Management Association is encouraging feedback on a recent proposal to overhaul England’s public health with the formation of two...

 Read Full Article
Imtech Inviron Secures Two NHS Contracts

Imtech Inviron has secured two NHS contracts in Hertfordshire, with a combined base value in excess of £18m. The agreements are to maintain 75 properties on...

 Read Full Article
ISS Now Recovered from 2020 Malware Incident

The effects of the ISS IT security incident have been resolved with all related costs fully recognised and with the majority paid in 2020, according to the...

 Read Full Article
Mitie Refutes Claims of Lack of Cooperation Amid Strike Action in Carlisle 

As over 70 cleaners, porters and other support staff at Carlisle’s Cumberland Infirmary prepare to strike over a decade-long pay dispute, Mitie says it has never...

 Read Full Article
Mitie Appointed as Supplier for Net Zero Carbon Delivery Framework

Mitie has been appointed as a preferred supplier on the new Net Zero Carbon Delivery framework, created by ETL. ETL is the estate development consultancy founded by...

 Read Full Article