Of the various recent high-profile IT security breaches, perhaps the one to have the biggest impact on the public consciousness was that which affected the U.K.’s National Health Service. While other incidents may have had a greater financial cost or lead to greater loss of data, it was the inability for a hospital to treat patients that really made IT professionals and the public take notice.
The incident, had it been more professional, could have had even worse consequences, but it highlighted how nonprofessional attackers can mount an attack that has serious consequences. The ensuing media coverage has raised the awareness of ransomware – malicious software that encrypts files on a computer or device forcing the owner to pay a ransom to have access returned. However, this type of malicious agent has been growing significantly for a while.
In a recent video discussion for IT pro, featuring Helge Husemann, Product Marketing Manager EMEA at Malwarebyte, Creative Intellect Consulting’s Principal Analyst Clive Howard discussed the issues and challenges for organisations of all sizes in dealing with this growing threat. The video on ransomware can be found here and a follow up video on multi layered security can be found here.
Much of the conversation covered technology, both the technology used to mount attacks and the technology to defend (and clean up afterwards) ransomware attacks.
Among the technology used to launch ransomware attacks, the use of Ransomware-as-a-Service was highlighted as a key reason why the problem has scaled so dramatically and how attackers, such as those behind the NHS incident, can mount such devastating attacks with limited skill and resources. Ransomware technology has also adapted to enable more complex attacks. For example, code can now distribute itself around a network to infect other devices.
Of course, security software vendors offer solutions that can help to defend, contain and clean up such attacks. But with a ransomware attack consisting of different phases that cross different parts of the IT infrastructure, a good security solution will need to be multi-layered. For example, it would need to address the device that could become infected but also the network so that any infection cannot spread. As a result, protecting an organisation requires a collection of well-integrated security solutions.
While much of the discussion around ransomware naturally revolves around technology, it is worth noting that the clear majority of attacks are enabled by a user opening a file or clicking on a link that they shouldn’t. For all the technology, it is better education of people that would perhaps do the most to prevent ransomware attacks.
Sensible good practice by users does not require complex training or for them to develop IT skills. It simply requires some basic knowledge and vigilance – little different to remembering to lock windows and doors before you leave the house. As ransomware thrives with the potential for more serious attacks than we saw on the NHS made more likely, perhaps the best line of defence will need to begin with us.