Security Pros Not Confident in Ability to Fight Ransomware

Sunday, April 03, 2016

Ionut Arghire


Only 38 percent of security professionals are "very confident" in their company’s ability to successfully deal with the increasing ransomware threat, a new survey from Tripwire reveals.

The research, conducted among 200 security professionals who attended RSA Conference 2016, reveals that 49 percent of the respondents are only somewhat confident that they could be able to recover after a ransomware infection without losing critical data. Furthermore, 13 percent of them admitted they were not confident at all they could do so.

Ransomware has become one of the biggest cyber-threats recently, and is being employed freby cybercriminals looking for fast and easy revenue. While threats such as CryptoWall and Locky are dominating the ransomware segment at the moment, more and more malware families are emerging, employing newer, more advanced infection techniques.

One of the latest threats in this area is PowerWare, a piece of macro ransomware that abuses Winows PowerShell to conduct its nefarious operations, without writing malicious files to the system. Last month, security researchers retailed Petya, a new ransomware family that encrypts entire hard drives, and which modifies the Master Boot Record (MBR) to prevent users from accessing their data.

Ransomware is targeting both end-users and corporate networks alike, and has become a business model for bad actors, as Scott Gainey, Senior Vice President and Chief Marketing Officer at SentinelOne, explained in a SecurityWeek column earlier this year. However, as Tripwire’s report reveals, many organizations are yet unprepared for the fight.

According to the survey, 73 percent of the surveyed security professionals view critical infrastructure providers as more vulnerable to ransomware attacks than other organizations. With ransomware using spam and phising emails as one of the main distribution techniques, improper protection against these attack vectors allows cybercriminals continue spreading their malware unhindered.

Tripwire’s survey revealed that only 48 percent of the responding security pros are confident that executives can spot a phishing scam, while 58 percent revealed that their organization has seen an increase in spear phishing over the past 12 months. While 17 percent of respondents said they were not sure of the increase, only 25 percent were confident that it did not happen.

“The decision to pay a ransom comes down to the confidence and financial cost of recreating or restoring data from a previous backup. Since most ransomware samples we have seen have a time limit to pay, it’s important to have confidence you can restore data the majority of data on short notice. Organizations should focus on improving backup and restoration procedures to reduce the cost of restoring data and services after a potential breach,” Travis Smith, senior security researcher for Tripwire, said.

The fact that ransomware is increasingly targeting organizations is proven by the fact that PowerWare was discovered in a campaign targeting a healthcare organization, and that the Hollywood Presbyterian Medical Center in Los Angeles in February paid $17,000 in ransom after computers in its network were infected with ransomware. 

Possibly Related Articles:
malware Ransomware
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.