Ransomware Might Not be as Prevalent, but Organizations Still Need to Be as Vigilant as Possible in Building Defenses

How big a problem is ransomware for organizations, and is it getting worse? That depends on who’s providing the information about this cyber threat—although experts seem to agree that organizations need to continue taking ransomware seriously.

A report released earlier this year by ISACA, a global association of technology professionals, said ransomware attacks are significantly declining. The association’s State of Cybersecurity 2018 report noted that 2017 was widely billed as the year of ransomware, but cyber threats have moved in a new direction this year.

Half of the 2,366 security leaders ISACA surveyed said they had seen an increase in cyber attack volumes relative to the previous year. Furthermore, 80% of the respondents said they are likely or very likely to be attacked this year—a statistic that remains unchanged from the prior year’s study.

Despite an increase in cyber attacks generally, however, ransomware attacks were said to be significantly declining. In 2017, 62% of respondents experienced a ransomware attack, compared with 45% this year, a 17-point drop.

This is likely because organizations are significantly better prepared after last year’s WannaCry and NotPetya attacks, the ISACA report said. A majority of the respondents (82%) said that their enterprises now have ransomware strategies in place and 78% said they have a formal process—up 25-points from last year.

While these findings are encouraging, the data indicates that ransomware attacks might have been displaced by cryptocurrency mining, which is becoming more frequent, ISACA said. Cryptocurrency mining malware can operate without direct access to a file system, making it harder to detect. And as the prices of cryptocurrencies rise, the report said, the economics of cryptocurrency mining malware becomes better for attackers.

The report said the three most common attack vectors remained unchanged from the previous year: phishing, malware, and social engineering.

ISACA’s research also found that 39% of the respondents are not at all familiar or only slightly familiar with active defense strategies, and of those who are familiar with active defense strategies just over half are actually using them.

This is a missed opportunity for security leaders and their organizations, noted Frank Downs, director of cybersecurity at ISACA. The research indicates that active defense strategies are one of the most effective countermeasures to cyber attacks, he said, with 87% of those who use them indicating they were successful.

While the incidence of ransomware might be on the decline, it’s still a costly problem. Cybersecurity Ventures, a provider of security-related research and news, in June 2018 reported that ransomware damages will cost the world more than $8 billion in 2018. Ransomware will attack a business every 14 seconds by the end of 2019, the site reported.

The damage comes from destruction or loss of data, systems downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks, the report said.

Research firm Gartner Inc. earlier this year noted that the “protection gap” is widening as the monetary gains from threats such as ransomware become more and more attractive to cyber criminals. In addition, the spread of encryption that blinds network security has been responsible for a lack of visibility in detection technologies. Both of these trends have led to greater burdens on security programs and the ability to protect against threats, the firm said.

Gartner shared a number of best practices for protecting organizations from ransomware attacks: 

• Conduct vulnerability scanning on a regular basis to provide visibility of potential risk exposure to the organization. This allows companies to prioritize key issues. 

• Focus on basic functions such as patch-oriented security practices and system hardening. 

• Disable non-essential and unused services in order to prevent the spread of malware within corporate networks. 

• Educate end users about why and how to remain vigilant when opening email attachments or clicking on links from senders who they do not know. 

• Install the latest updates for operating systems and security toolsets. 

• Back up copies of files and have the backups stored on a different systems. Cloud-based services are often unaffected by ransomware incidents, but local and network copies of files are likely to be at risk. 

• Restrict user and local accounts from having administration access, wherever possible. Deploy privileged access management products where appropriate.

Although by some accounts the number of ransomware attacks is down, this is no time for organizations to take a break from defending themselves against these types of attacks.