March 06, 2017
The manipulative type of malware, which takes people’s data hostage, saw a 752 percent increase in 2016.
Dubai: Japanese anti-virus developer Trend Micro’s annual cybersecurity report, released on Sunday, revealed a 752 per cent increase in ransomware, the software used by hackers to block data and then demand money to return it.
The company’s 2016 Security Roundup also noted that cyber threats reached an all-time high in 2016, with ransomware scams gaining increased popularity among cybercriminals looking to extort enterprises.
In a recent interview, Microsoft’s Cyril Voisin, Executive Security Advisor for the company’s Enterprise Cybersecurity Group in the Middle East and Africa, spoke about the growing threat from ransomware, and what could be done to combat it.
Whilst ransomware isn’t the most popular malware in the region yet, “it is still a source of concern, because the idea that someone can infect your machine, encrypt all your data so you can’t read it, and then ask you for money to unlock it — that is scary,” Voisin told Gulf News.
“We have seen victims among consumers — all operating systems, not just Microsoft’s. But, more worryingly — we have also seen it in a hospital abroad,” he added.
Voisin is referring to an attack against the Hollywood Presbyterian Medical Centre’s systems in February 2016. The hospital eventually paid 40 bitcoin, the cryptocurrency that was worth about $17,000 (Dh62,390) at the time, to recover its patients’ records.
“I think you are still going to see a growth in ransomware, as it is easy money for attackers. They can evade protection measures like antiviruses, because they create new ransomwares all the time, and it takes at least 20 minutes for an antivirus solution to detect something it has never encountered before.”
This delay means that, for those 20 minutes, if you are relying solely on an antivirus, you will not be protected.
The cybersecurity executive was speaking at Microsoft’s Think and Act Like a Hacker event held in Dubai recently, which intended to show companies what they look like from a hacker’s perspective, and how to defend themselves accordingly.
So how do companies defend themselves against such attacks?
“It is important to not open attachments that are unsolicited, to not visit malicious websites and to make sure you have a backup,” Voisin said.
For Paula Januszkiewicz, a cybersecurity expert who has previously worked with Microsoft, Hewlett Packard and Orange, the biggest concern is how “ransomware is changing its tactics”.
“The trend we are seeing is that ransomware is executed through Windows core services, like PowerShell,” she said.
PowerShell is a tool used by network administrators to automate tasks via scripts, however if incorrectly coded, “every single user may be able to run scripts and that makes life easier for the attacker,” argued Januszkiewicz.
“PowerShell can be used to encrypt data, which is the goal of ransomware — to scramble your data so it is useless to you, until you pay the attacker to release it.”
Ultimately, according to Januszkiewicz, this is something that companies need to get better at defending themselves against.
Looking ahead, ransomware against normal people is keeping experts awake at night. With systems far easier to penetrate than most companies, and sensitive information that people’s lives often depend on, these kinds of attacks against consumers are a growing threat, according to Januszkiewicz.
“We are seeing a rise in the number of instances of ransomware for consumers. As long as attackers can earn money from it, there will be ransomware,” she added.