There’s little doubt that ransomware is becoming the hottest cyber crime at the moment. The concept is quite old, yet the increasing reports of ransom payments being made suggest that the tactic is becoming much more effective.
The latest report comes from the US, where the Los Angeles Community College District has reportedly paid a ransom demand of $28000 to some crooks who had infected their network with ransomware. The attack took place at the end of December, seemingly timed to coincide with the start of the new term. We’ve not been told the type of ransomware, but the attack followed a familiar pattern – an initial infection which then spread using the internal network, encrypting key files as it went.
They then received the demand: they were given one week to pay the ransom in order to access their files. The college decided to pay for a variety of reasons. Obviously the driving force was recovering their files; however, the college had also invested in an insurance policy which covered these situations. Cyber security experts and law enforcement agents advised that paying the ransom offered a good chance of recovering their data. So the ransom was paid anroney but it is not an exorbitant amount. The cost compared to the value of the data to the organisation is worth paying. The cyber criminals have also learned that it is important to actually provide the decryption key when they are paid. In earlier extortion attempts the criminals would simply disappear, which made paying the ransom of little benefit to organisations. Now that they are keeping their word, more victims are taking the risk.
Of course, the crazy situation is that if organisations simply invested in a decent backup system and some sort of disaster recovery plan, then this sort of attack would be ineffective. It’s not hard to infect a poorly protected network. It only needs one avenue of attack – a clicked spear phishing email or an infected memory stick left around – and the ransomware can spread across the network.
The vast majority of organisations which are being targeted seem to be those which are potentially more vulnerable. Hospitals and educational establishments often have large networks with many users. They also often have under-resourced IT departments who don’t always follow security best practices. It is easy to defeat this particular form of attack, but it involves investing in IT infrastructure and the relevant staff. Until organisations start doing this instead of paying ransoms, expect these attacks to escalate.