4 May, 2017
Businesses are increasingly subject to so-called 'ransomware' attacks, according to a new report on data breaches.
Ransomware is a type of cyber attack that sees hackers install malicious software on to computer systems that prevent businesses carrying out everyday operations or accessing data or other assets. Businesses are prompted to make a payment to the hackers to bring about an end to the attack.
The annual Verizon Data Breach Investigations report for 2017 revealed that there were 228 ransomware incidents recorded in 2016 compared to 159 in 2015. It said that while ransomware is generally used in an opportunistic way, the methods used by those deploying it are becoming more innovative and that attackers are increasing using ransomware to target "vulnerable organisations" as opposed to "individual consumer systems".
"Moving on from file encryption – the standard practice of ransomware authors – attackers introduced master boot record locking, and partial and full disk encryption in an effort to make it more difficult to recover systems without paying," the report said. "They also experimented with a variety of methods to avoid detection by security sandboxes."
"Criminals introduced time limits after which files would be deleted, ransoms that increased over time, ransoms calculated based on the estimated sensitivity of filenames, and even options to decrypt files for free if the victims became attackers themselves and infected two or more other people," it said.
The report also charted the rise in ransomware-as-a-service, where ransomware is sold by criminals for use by other hackers in return for payment. It further highlighted how ransomware can often be used as part of a broader cyber attack.
"Ransomware campaigns targeting organisations often have additional characteristics, such as credential theft to spread the attack throughout the organisation, delayed encryption to infect as many machines as possible before detection, and code that targets corporate servers as well as user systems," the report said.
In its report, Verizon also said that financial motives and espionage were the motives behind 93% of all data breaches, and that 75% of breaches can be linked to perpetrators outside of an organisation. In 62% of cases, hacking is used in a data breach, while malicious software (malware) is utilised in 51% of incidents.
Financial services firms, health bodies and public sector organisations experienced the most number of data breaches in 2016, the report said.
Experts at Pinsent Masons, the law firm behind Out-Law.com, recently looked at the 10 things you always wanted to know about cybersecurity but were afraid to ask, which included looking at the rising threat of ransomware.
The experts also looked at which people are typically behind cybersecurity breaches and the methods they use, what the common vulnerabilities are and what good IT security looks like, and how the legal landscape and regulatory fines are changing, as well as how businesses may be able to seek protection afforded by legal professional privilege, and what they need to consider when working with criminal authorities. They also detailed the advantages of engaging credit monitoring after a breach, and the potential benefits of taking out cyber insurance.
For further information, please contact:
Ian Laing, Partner, Pinsent Masons
ian.laing@pinsentmasons.com