Dark Reading: Why Ransomware Continues to Be a Serious Threat

A recent article on DarkReading.com, titled “4 Reasons Why You Should Take Ransomware Seriously,” outlines the persistence of ransomware as a significant threat to organizations, and explains why it will continue to be a formidable challenge throughout 2017. Authored by CrowdStrike’s VP of Product Marketing Dan Larson, the article cites statistics from an Institute for Critical Infrastructure Technology (ICIT) 2016 report indicating an alarming increase in successful ransomware attacks. Coupled with estimates based on FBI reports suggesting that the combined take from ransomware crimes in 2016 can be counted in the billions of dollars, there is every indication that ransomware-related losses will continue to mount as savvy cybercriminals are attracted by potential payouts that are bigger, faster and “less risky than the advanced persistent threat exploits often used to steal credit card numbers and other sensitive data,” Larson says. Why is ransomware such an intractable problem, and why should organizations continue to care?

 

Larson cites four key reasons why companies need to remain vigilant:
  1. Ransomware is constantly evolving, outwitting security measures with innovative tactics such as leveraging vulnerabilities in trusted systems and deleting backup files.
  2. Standard security measures are inadequate against the increasingly sophisticated tactics ransomware criminals are adopting.
  3. Ransomware can pose a compliance risk and companies have reportedly been fined for failing to have ransomware defense measures in place -- even if they haven’t actually experienced an attack.
  4. Recovering your data after an attack is a complex process, and paying your attacker provides no guarantee that your files will be recovered.
Larson concludes that organizations can improve their security posture and lessen their chances of falling victim to a ransomware attack by adopting “a multifaceted approach with complementary prevention and detection methods.”

 

In particular, Larson recommends that companies increase their “focus on indicators of attack (IOAs), a form of behavior-based detection that looks at the underlying actions taken by the threat, rather than trying to pattern-match a new file to a signature.” The CrowdStrike Falcon®™ Platform incorporates IOA-based detection and next-generation AV capabilities to combat today’s most advanced ransomware threats, and Falcon is the only endpoint protection platform that combines those methods with EDR (endpoint detection and response) and a 24/7 threat hunting service — all delivered via a single lightweight agent. For further information on the rise of ransomware and best practices for prevention and detection, read the report: Ransomware: A Growing Enterprise Threat.