According to European policing agency Europol, ransomware exceeded the most cyber crime online in 2017, reaching millions of computers.
Last year, Europol coordinated several successful cross-border operations against cyber criminals, through an 80-page report, which found data breaches, darknet markets, child pornography and payment threats.
Ilia Kolochenko, CEO of web security firm, High-Tech Bridge, said: “This alarming report is unfortunately not surprising. Ransomware is a simple and reliable way to get money from cybercrime. The growing trend of ransomware-as-a-service opens this niche even for those who don’t have many technical skills, aggravating the global epidemic.
“Many organisations and individuals have abandoned machines they have not updated for years for various reasons, from overt negligence to complicated business processes and compliances.
“Professional cyber criminals also start leveraging recent vulnerabilities and advanced exploitation and encrypting techniques in their campaigns, making ransomware a headache for companies with well-managed cyber security.”
Europol is setting up a unit to prevent dark market operations, where credit card information is being sold in addition to drugs, impacting hotel, retail and airline industries.
David Emm, principal security researcher, Kaspersky Lab, added: “The number of ransomware incidents has soared since 2012, with criminals lured by the promise of profit and ease of implementation.
“The threat continues to evolve, becoming stealthier and more destructive, increasingly targeting businesses more than individuals because the potential returns are much higher.
“Last year, the No More Ransom Initiative was launched by the National Hi Tech Crime Unit of the Dutch Police, Europol, McAfee and Kaspersky Lab. Its decryption tools have managed to decrypt data on more than 28,000 devices and deprive cybercriminals of an estimated £6.5 million in ransoms, which shows the scale of the ransomware landscape.”
Kaspersky Lab would recommend that organisations of all kinds follow these guidelines to deal with the threat from ransomware:
- Back up data regularly.
- Use a reliable security solution, and remember to keep key proactive detection features – such as System Watcher in Kaspersky Lab products – switched on.
- Always keep software updated on all the devices you use.
- Adopt good ‘housekeeping’ practices to limit the ability of ransomware to spread and impact data. These include segmenting the network, not automatically assigning admin rights to staff and restricting write access to data.
- IT security awareness for all staff is vital. Staff should be encouraged to adopt a security mindset – in particular, to exercise caution when opening –mail attachments or clicking on links. Cybercriminals often distribute crypto-malware via fake e-mail messages mimicking notifications from an online store or a bank, or imitate ordinary communications.
- If you are unlucky enough to fall victim to an encryptor, don’t panic.
- Use a clean system to check the No More Ransom site, where you may find a decryption tool that can help you get your files back.
- Be very wary about paying the ransom. You might not get your data back; and every payment the cybercriminals receive validates their business model.
- Last, but not least, remember that ransomware is a criminal offence. Report it to your local law enforcement agency.
Written from press release by Leah Alger