One of the biggest emerging threats for businesses is ransomware. In 2015, research analysts found that ransomware had netted over $300M in profits for the cyber gangs affiliated with these attacks. With profits like these as motivation for attackers, network security experts predict that the next generation of ransomware could cause significant problems for businesses and consumers alike.
Cisco’s 2016 Midyear Cybersecurity Report predicts that the next generation of ransomware will be more targeted and use more sophisticated exploits. Traditionally, ransomware that attacks enterprises works to encrypt the hard drive of the local machine. The most nefarious strains encrypt any other file that the local machine is able to access.
Ransomware of the future will attack more than just your file shares; next generation ransomware will be designed to cripple your business using non-traditional methods of attack. Let’s take a look at some of the next generation ransomware that could be used to attack your business.
At DEF CON 2016, security researchers demonstrated how they exploited smart thermostats. In this demonstration, the ransomware locks the administrative capabilities of the smart thermostat while asking the user to pay a ransom. In the meantime, the thermostat pumps out heat at 99 degrees until the ransom is paid.
How could this strain of ransomware impact an enterprise? At first glance, you might think that this type of attack would simply make your office staff incredibly uncomfortable due to the high heat.
But what if an attacker were potentially able to infect a smart HVAC system that is used to cool an onsite data center? The ransomware could disable cooling, therefore putting your equipment at risk of overheating.
While the researchers who discovered this attack feel like it is an unlikely attack vector, the fact that people have devised methods of exploiting Internet of Things (IoT) devices that control HVAC systems is definitely something to consider in the future.
Ransomware that attacks mobile devices has already been found in the wild. Today’s mobile device ransomware generally targets the files on the device, as well as any other files that the device is able to access. This includes files that live in cloud services such as Office 365, Box, and so on.
Given the profitability of ransomware attacks, next generation ransomware for mobile devices could go a step further than just encrypting your files. When most people install new apps on their mobile devices, they typically breeze right through the terms and conditions while blindly accepting that they will grant the app access to:
Many security experts have begun asking whether ransomware could be used to take over a mobile device discreetly while recording the owner’s actions or words.
This type of attack would likely have to be a coordinated attack in which a specific person or entity is being targeted. While this type of attack is unlikely, if you work in an industry that deals with privileged knowledge or private data, an attacker might prey upon the fact that you could be motivated to pay a ransom or else risk the data being leaked to the public.
Perhaps this hypothetical scenario isn’t exactly ransomware; it could be subcategorized under ransomware as extortionware.
Your IT staff should be vigilant in ensuring that mobile devices have the most up-to-date malware and ransomware protections in place. In addition, your IT department should verify that the latest operating system patches are installed to prevent the device from being exploited.
We briefly touched on how infected mobile devices could potentially hold cloud-based data for ransom.
A report published by McAfee says that new ransomware variants will specifically target endpoints that utilize cloud-based services. While cloud services may claim that they keep a backup of your data, you should always have an onsite data repository that retains a copy of critical file locations throughout your network.
McAfee’s report goes on to say that these new strains of ransomware will work to compromise the user’s credentials while attempting to log into the cloud service to encrypt all of the files that the user has available to them. These ransomware infections encrypt both cloud-hosted files and files located on the user’s machine. In this scenario, a user could be completely locked out of their files, because both the local and cloud copies of their data have been encrypted by the infection.
System administrators can configure machines to perform a nightly backup of critical data and store it on a server with limited network access. Cloud service providers will likely be able to retrieve a backup of the data that has been encrypted by ransomware; however, this process usually isn’t instantaneous. This can cause serious problems for enterprises that need quick access to their data.
While many of the next generation ransomware viruses we have discussed are unlikely to impact your business in the near future, it is always important to weigh the impact of ransomware in your environment and proactively take measures to reduce the likelihood of an infection.
The first line of defense for any enterprise is to provide information security awareness training for all employees. Your IT staff should draft strict data security policies that are designed around reducing the surface area for a ransomware attack. If your IT department is understaffed, bringing in a managed service provider can help your organization achieve maximum data security.
Published on 1st November 2016 by James Berger.