Why is Ransomware Successful?

by Sarah Harvey / January 24th, 2019

What is Ransomware?

Ransomware is the attack method that you’ve seen over and over again in the headlines and, unfortunately, it’s not going away. Global outbreaks like WannaCrypt, Petya/NotPetya, and BadRabbit have made ransomware a household name. The FBI reports that over 4,000 ransomware attacks occur daily. With its sophistication and frequency of attacks, it makes people think – why is ransomware successful? How can it be stopped? Let’s discuss how company culture, the workforce, malicious outsiders, and proper security configurations contribute to the success of ransomware.

How Does Ransomware Spread?

Culture of Apathy

I believe there is a growing apathy in our culture towards confidential data. Honestly, do people even believe data is confidential anymore? According to Pew Research Center, half of Americans feel that their personal information is less secure than it was five years ago. 64% of American adults have experienced data theft via credit card, account number, email account, social media accounts, Social Security number, loan, or tax return compromises. It has become habitual to worry about data breaches, identity theft, and other privacy concerns.

It’s not just about hackers or human error – the apathy in our culture has led to a rise in malicious insiders. Verizon’s 2018 Data Breach Investigations Report includes that 28% of cyberattacks in 2018 involved malicious insiders. When Accenture surveyed 912 healthcare and payer employees in the US and Canada, they found that one in five (18%) would be willing to sell confidential data to unauthorized parties for as little as $500 to $1,000. Even more so, about a quarter of these healthcare and payer employees know someone in their organization who has sold their credentials or access to an unauthorized outsider. One out of five healthcare employees, who are responsible for protecting your data, will give it or give access to it away.

What is your organization’s culture as it relates to information security? Are you building a controlled environment that will embrace, monitor, and enforce ethical practices?

Workforce Challenges

If your organization, thankfully, hasn’t faced the challenges of malicious insiders and an apathetic culture, you will probably face an ill-prepared workforce. Some things just stay the same, and human error is one of those things.

Phishing is the primary method of attack when it comes to ransomware. In 2017, the Microsoft Office 365 security research team detected approximately 180-200M phishing emails every month. Although more and more organizations are incorporating strong security measures into their strategies, it’s still easy to phish. The Microsoft Security Intelligence Report explains, “An attacker sending a phishing email in bulk to 1,000 individuals just needs to successfully trick one person to obtain access to that person’s credentials…Phishing and other social engineering tactics can be more simple and effective than other methods, and they work most of the time for more human beings. If successful, phishing is an easier way to obtain credentials as compared to exploiting a vulnerability, which is increasingly costly and difficult.” The most successful phishing attempts impersonate popular brands, users, and domains.

You may think that because millennials are becoming a larger portion of our workforce, your organization is better protected. Millennials won’t fall for phishing emails, right? They’ll be wary and spot a social engineering attempt, won’t they? Unfortunately, the data shows that adults aged between 20-29 fall victim to more fraud than adults aged over 70.

Are you providing the necessary training to the newest members of our workforce? Is your workforce your weakest link or your first line of defense?

Malicious Outsiders

Organized criminal groups aren’t stopping; they’re only getting more sophisticated. There’s obviously financial motivation, but malicious outsiders could also be motivated by a political agenda, social cause, convenience, or just for fun. We predict that US cities and the public sector will continue to be a target for malicious attacks, especially nation-states. Nation-states have a goal of disrupting public services. Hospitals, airports, police departments, educational systems, court records, water services, payment portals, technology infrastructure – these cornerstones of the public sector are under attack every day from complex cyber threats and malicious outsiders.

What should the public sector invest in? Cybersecurity awareness to citizens and elected officials, use of forensic services after incidents or breaches, cybersecurity exercises, vulnerability scanning, and penetration testing, and competitive compensation for IT personnel.

Proper Security Configurations

Remote Desktop Protocol (RDP) has been called ransomware’s favorite access point – a place that’s commonly insecure and easily hacked. Even the FBI warned organizations that the use of RDP as an attack vector is on the rise. CrySiS, CryptON, Zenis, and SamSam ransomware have all used RDP to their advantage.

No type of malware completely fades away. Every threat that has ever been classified remains at large. The very first worms and malware are ever written still exist and are capable of system infection. Some remain actively developed, maintained, and deployed by proficient black hat hackers. Other older viruses just persist, allowed to continue by poorly maintained systems, old distribution networks, and user complacency. Even when not actively used for data destruction, malware can remain a threat to system stability and continuity.

Do those charged with governance maintain proper security configurations according to best practices? How are your security configurations being tested and validated?

Ransomware continues to be successful because organizations don’t create a culture of defense or a sense of responsibility for data, their workforce isn’t equipped to stand up against cyber threats, the threats from malicious outsiders only persist, and proper security configurations are not implemented. How is your organization preparing itself for a ransomware attack? How will you assure your clients that their sensitive data is protected? Contact us today to implement a plan for training your workforce, changing your company culture, and strengthening your cybersecurity practices.