April 28, 2016

CEO, what if your business was held for ransom?

Markus Melin

Head of Tieto Security Services, Tieto

Ransomware is the new menace in town.

It’s a type of malware that prevents or limits users from accessing their business-critical data. Ransomware forces its victims to pay a ransom in order to unlock their systems.

Have the crooks been successful in their actions? Oh yes.

Researchers from Kent University report that 41% of CryptoLocker's victims paid up. It’s one of the most notorious ransomware families, and for its latest version there aren’t any third-party decryption tools available yet.

The large share of victims who have surrendered to the demands shows how difficult the situation is once your system is compromised. If your business-critical files are locked, you basically have only poor alternatives.

Bad news for enterprises

You could argue that cybercrime is starting to resemble ordinary crime.

Ransomware attackers are a bit like pickpockets. Both do their thing in secret, without anyone noticing. The majority of felons are opportunistic and choose easy targets: in the digital world this means ordinary consumers with weak security controls and little awareness of threats such as malicious email.

According to Symantec, ransomware cases increased by 35% in 2015. And I'm sad to say that the criminals are stepping up their game.

In the beginning they were usually after the documents of ordinary people, like family photos. As ransomware production turns into an industry of its own, it is clear that some criminals will aim for a bigger catch. When financial institutions and big corporations are targeted, we are talking about a totally different ball game.

It is already happening. There are reports that banks came under attack in 2015. As the potential gain is bigger and the risk of getting caught is still low, attacks of grander magnitude will become more common.

According to different estimates, criminals were able to extort from 3 to 27 million dollars with CryptoLocker. With the next breed of ransomware viruses the amounts might rise big time.

Better prepare for it

It is only a matter of time before ransomware comes knocking on your company’s digital doorstep. It might be that the next variant will steal your data, not encrypt it: waking up to an email saying “We have your data…” is something no one would like to face.

Just like every individual should be aware of pickpockets in crowded places, every CEO should know the basics of ransomware threats. As I've written earlier, you just can’t leave security to the IT department anymore. Everybody on your staff uses the Internet and is thus a potential target. Your organisation is only as secure as its weakest link.

In our latest white paper on ransomware we talk about security culture. We also provide a preventive checklist on managing the new dimension of cybercrime.

Please take a closer look and let me hear your thoughts or concerns.

