If you ask the Institute for Critical Infrastructure Technology (ICIT), this is the year when “ransomware will wreak havoc on America’s critical infrastructure community,” including financial services.
Ransomware basically locks the data on a computer — or the computer itself, or even an entire system or network — so that users cannot gain access to data or processes; it then holds the system and its data hostage, or even threatens destruction of the data, until the system’s owner pays a ransom for its release. The recent decision by Hollywood Presbyterian Medical Center to pay hackers $17,000 in bitcoin to release its entire digital network has highlighted just one of the dangers posed by such threats.
In the ICIT Ransomware Report, provocatively titled “2016 Will Be the Year Ransomware Holds America Hostage,” the authors lay out the threat posed by this rising form of hacking, which “is less about technological sophistication and more about exploitation of the human element.”
Ransomware can arrive on a computer system the same way other malware does, but ransomware threat actors — those who hold the data hostage — aren’t usually able to breach systems themselves. Instead they rely on a variety of methods to get their malware onto the systems they deem ripe for plucking.
Why should you care about ransomware? Simple: ICIT says that “financial institutions are likely the next major sector to be targeted by ransomware, if their systems have not been infected already.” Ransomware attackers are 21st century highwaymen, the report says, “threatening the lifeblood of their victims — information” and “law enforcement has neither the time nor the resources to track down the culprits.”
In fact, if infected by ransomware, law enforcement itself often pays the ransom simply to regain control over its own computer systems. If the good guys are reduced to paying ransom, what’s a financial services firm to do — particularly since the cost of being locked out of customer data can be far higher than paying ransom?
(See Dan Skiles’ Investment Advisor column on steps advisors should take if faced with a ransomware attack, Don’t Pay the Hacker’s Ransom.)
One thing firms can do is make sure that personnel are more aware of common ransomware attacks, since, as the report says, “[o]nly a societal cybersecurity reformation in user awareness and training will deter the attackers.”
The importance of not clicking on unknown emails or attachments, or even ads on reputable sites, and of learning to recognize bogus emails and ads, should be impressed on all staffers from top to bottom at financial firms. In addition, all personnel should be warned not to use unsecured devices for client data, connect unprotected personal devices (such as flash drives) to company systems and to keep their own antivirus protection up to date. Last but not least, firms should keep their own system protections current, ensure that all third-party vendors are thoroughly checked out, and have a plan in place to respond if they’re infected.
To that end, here are seven ways the report says ransomware can gain a foothold at your firm:
1. Traffic distribution system (TDS)
As if you needed another reason that watching porn at work is a bad idea. Traffic distribution services redirect Web traffic to a site hosting an exploit kit. That traffic can be pulled from adult content sites, video streaming services or media piracy sites. Some ransomware groups may even hire a TDS to spread their ransomware. If the host is vulnerable to the exploit kit on the landing page, then the malware is downloaded onto the system as a drive-by download, sometimes without the user’s knowledge.
As with a TDS, a malicious advertisement can redirect users from a harmless site to a malicious landing page. Malvertisements may appear legitimate and can even appear on trusted sites if the administrator is fooled into accepting the ad provider or if the site is compromised. Malicious threat actors can purchase traffic from malvertisement services. Redirected victims can be purchased according to geographic location, time of day, visited site and a number of other factors.