How technology has transformed ransom demands

For a business owner, the thought of having their sensitive information fall into the wrong hands due to a security breach can be an unsettling thought.

The consequences of having financial records, employee information, and client data in the open can be disastrous, but the perpetrators of these attacks have evolved to increase their chances of success. They are more sophisticated and organised than ever before, operating like well-oiled machines in terms of their planning and efficiency.

However, it’s not just the criminals themselves that have changed, it is the threats as well. Enter ransomware, a type of attack where the hacker demands a financial pay-out from its victim in order to return access to their data.

These sorts of attacks are growing in occurrence in the region and globally. Those in the finance, insurance and real estate sectors have been the most affected by recent targetted attacks. Healthcare enterprises have also been impacted, with entire hospital IT systems locked down by targeted ransomware attacks, forcing the transfer of patients to other treatment facilities. Due to these attacks, businesses in the region are expected to ramp up cyber security spending from $340m in 2012 to $1bn by 2018.

The increase begs the question as to how cybercriminals launch their attacks in the first place. Unknown to the victim, ransomware is placed on a desktop or laptop through an ‘exploit kit’. These kits make it easy for attackers to take advantage of vulnerabilities lurking within employees’ desktops and laptops.

In particular, weak points in Internet Explorer and Adobe Flash Player are typically taken advantage of. Most of these flaws are well known to those in the security industry. However we’ve seen two attacks during the past year via so-called ‘zero day’ vulnerabilities. This should be viewed as alarming, as they cannot be mitigated at the time of the breach due to the unavailability of a patch update.

In the event that an enterprise finds itself to be a victim of ransomware, there are a few steps to take which are absolutely crucial in order to minimise the impact caused.

An assessment should be carried out by the IT teams as to how valuable the maliciously-encrypted data is and whether it is backed up on a server. If so, the company should immediately begin the process of restoring the lost files and identify the hole that exists in their cyber framework. This is vital, as criminals can potentially regroup and exploit the vulnerability at a later time with an attack that is much more severe.

Some might argue that it’s easier to bite the bullet and pay the demanded fee, however this comes with its own host of complications. Hackers almost always demand to be paid in Bitcoin, a type of crypto currency that is untraceable by authority figures. If one chooses to do this there are also the complicated logistics behind purchasing Bitcoin, which is not readily available on the market and can be difficult to work with. This can then frustrate the criminal if they are not paid on time, in turn causing him or her to escalate the situation. It’s important to note that in these scenarios, the authorities generally recommend against complying with hackers’ demands as this supports them in their activities.

However, with all cyber-attacks, there are ways that businesses can protect themselves. As ransomware is typically installed by exploiting vulnerabilities, one of the most effective and preventative measures is ensuring that all hardware and software is kept up to date. For those businesses using Microsoft operating systems, the latest versions are Windows 7, 8.1 or 10 and the latest Internet Explorer 11 or Edge. Keep up with the vendors’ monthly patch updates and don’t delay recommended installations by more than one week.

As mentioned previously, certain applications are more susceptible than others. If possible, one should remove Adobe Flash and other commonly-targetted programmes from all computers. If this isn’t practical, then treat them the same way as Windows and remain diligent with scheduled updates and security scans. Knowledge is also a powerful resource, IT departments should take it upon themselves to educate employees on best practices regarding cybersecurity and how they can do their part to reduce the risk of a breach.

While no security measure is fool proof, it’s vital that both enterprises and end-users take the necessary steps to lower the risk of having their data compromised. There are multiple tools on the market that can be used to effectively neutralise threats. These range from vulnerability management solutions that prevent breaches and boost IT efficiency, to continuous monitoring which provides real time alerts and swift incident reports.

By following these guidelines and using appropriate security software, businesses in the GCC can stay one step ahead of cybercriminals and ensure their corporate data is secured to the highest industry standard.

Wolfgang Kandek is chief technology officer at cloud security company Qualys