Widespread Ransomware attacks in UK, US and Netherlands


Increasing Ransomware target Public Institutions (Credit: Luis Delgado/Northeastern University)

SentinelOne (an endpoint protection company) recently submitted Freedom of Information (FOI) requests to universities to establish whether ransomware was a significant problem in academic institutions. 63% of the British universities that responded to the FOI requests admitted to being the target of a ransomware attack.

It was also reported that more than half, i.e. 56%, of the UK’s universities have been targeted in ransomware attacks in the past year, according to SentinelOne. One of the universities admitted that it had suffered a total of 21 separate attacks throughout the year.

Of all the universities contacted by SentinelOne, 13 refused to answer, considering the potential repercussions of their response. The most interesting yet painful fact is that 100% of the universities that responded to the survey reported that they had suffered an attack in spite of using anti-virus software.

None of the academic institutions admitted to meeting the demands of the cyber criminals. However, as per SentinelOne, “the value of the ransoms demanded to decrypt the data ranged between £77 and £2299 (5 bitcoins)”.

Public institutions seem to be the prime targets of the increasing ransomware attacks. Earlier this year multiple institutions and universities across the world were also targeted. Among them were the University of Calgary, which admitted paying a $16,000 ransom, and one of the well-known hospitals in the US, the Hollywood Presbyterian Medical Center, which admitted paying a $17,000 ransom to cyber attackers.

Suffering a ransomware attack despite the implementation of security solutions across the infrastructure calls into question the maturity of the security strategy and points to the failure of security solutions to protect against such infectious threats. As per Jeremiah Grossman of SentinelOne, “The fact that 65% of those universities suffering an attack were the victim of repeated attacks, where no ransom was [allegedly] paid, may prompt us to question the motives of the adversary as more than purely financial.”

Last year Symantec told The Wall Street Journal that anti-virus solutions only detect about 45% of cyber attacks. This raises concerns about how to define a foolproof security strategy across enterprises and institutions.

A recent report titled ‘State of Ransomware’, supported by Malwarebytes, was released at Black Hat USA 2016. The study surveyed 540 CIOs, CISOs and IT directors from corporations with an average of 5400 employees across the UK, US, Canada, and Germany.

As per Help Net Security, the study found that approx. 40% of businesses have experienced a ransomware attack in the last year alone. Of these victims, more than a third lost revenue and 20% had to stop business completely.

Wildfire ransomware, which hit victims mostly located in the Netherlands and Belgium earlier this year, now has a decryptor available. The ransomware spread through phishing campaigns that encouraged users to fill in a form to receive a missed package delivery. The decryptor was released by the No More Ransom project, which is run by Intel Security, Europol, the Dutch National Police and Kaspersky Lab.


Wildfire ransomware in the wild

Wildfire ransomware was one of the most targeted campaigns: the cyber criminals researched their targets thoroughly, with knowledge of real businesses and their exact locations in the Netherlands. As per SpamFighter.com, the cyber criminals also had specific domain names registered in Holland.

The above findings throw light on the growing ransomware threat and the fact that attacks are getting more targeted and cyber criminals more persistent.

Protection against Ransomware

To effectively reduce the risk of cyber-attacks and impede the momentum of ransomware attacks, the following proactive measures can protect your users, devices, and networks:

  1. Anti-Viruses and Software Updates: To protect computers, networks and information across servers, keep security solutions such as anti-virus and internet security software on their latest updates.
    • Up-to-date browsers, operating systems (OS) and system applications (web, Flash, Java etc.) are also among the best defenses against such Trojans and other online threats.
    • Anti-virus scans should be scheduled every time the software gets updated, since this may prevent a compromise by an exploit kit leveraging vulnerabilities in old platforms.
  2. Security Awareness and Training: Employees should be trained on the company’s security policy, including internet usage guidelines and the corresponding penalties for violating the company’s policies. Employee awareness is one of the best defenses: employees should never respond to incoming messages requesting private information.
    • Handling of business and customer data is also one of the major items on which each employee should be trained.
    • Phishing simulation tools can also be used to assess the organization’s risks. Institutions should practice setting up an incident management plan to handle such issues.
  3. Restrict Macro Execution: Macros can be disabled by default across the environment, and with Microsoft Office 2016 corporations have the flexibility to block macros from executing in documents from the internet. Since most ransomware requires macros to be enabled as a prerequisite to download and execute malware, execution of macros should be restricted by default.
  4. Perimeter controls: Have connection filtering and spam filtering (anti-spam) enabled on email servers or at perimeter gateways. Rules should be configured to block attachments with extensions such as .exe, .vbs or .scr, which can be potentially malicious.
  5. Periodic Backups: Schedule periodic backups of important business data and information. Back up critical data sources at least weekly and store the copies either off site or on a secure cloud platform.
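
The attachment rule from item 4, sketched as code (an added example, not from the original article): Python's standard-library `email` parser walks a message and flags attachments whose final extension is .exe, .vbs or .scr, after normalising case and trailing dots so that names like `Label.PDF.SCR` are still caught. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the perimeter-control rule (item 4).
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return normalised filenames of attachments whose final extension is blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and containers carry no filename
        # Case does not matter, and Windows ignores trailing dots and spaces,
        # so "x.vbs." still opens as a .vbs file.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last extension decides how the file is opened,
        # so "label.pdf.scr" is treated as .scr, not .pdf.
        ext = "." + cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in BLOCKED_EXTENSIONS:
            hits.append(cleaned)
    return hits


def build_sample() -> bytes:
    """Constructed sample message (not real traffic) with one benign and two blocked files."""
    msg = EmailMessage()
    msg["From"] = "courier@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Missed package delivery"
    msg.set_content("Please fill in the attached form.")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="form.pdf")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="Label.PDF.SCR")
    msg.add_attachment(b"x", maintype="application",
                       subtype="octet-stream", filename="track.vbs.")
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("block:", name)
```

A filename check of this kind is only one layer: it does not inspect archives or file content, so it complements rather than replaces the gateway's own anti-spam and content scanning.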
