
How can enterprises mitigate ransomware as a service?

A rise in ransomware attacks has been attributed to a new service model for cybercriminals. Nick Lewis explains what's behind this new threat.

The ransomware as a service model has reportedly caused a dramatic increase in ransomware attacks. What is ransomware as a service, and how is it affecting enterprise security? What can be done to mitigate the chances of falling victim to an attack?

Ransomware as a service is a model where a ransomware author develops malicious code and makes it available to multiple other criminal affiliates -- sometimes by purchase -- allowing them to send it to targeted users via phishing or other attacks. It is very similar to exploit kits, but ransomware as a service takes it a step further to the most important part for a criminal -- the money part. The as a service model allows malware authors to scale their criminal enterprise with minimal risk to themselves. The malware author can produce the ransomware and instruct other criminals on how to set up the infrastructure to carry out the attacks. This frees the malware authors from that part of the attack, but the model still generates revenue for them, as cybercriminals will pay to use the malware. And according to McAfee security researchers, the model's ability to create a vast "affiliate program" for ransomware types like CTB-Locker resulted in an increase in ransomware attacks in 2015.

The threats produced by ransomware as a service affect enterprise security in the same ways traditional ransomware does, but the service model means there are more threats to contend with. It's important to remember the ransomware model is particularly well-suited to target enterprises; for many enterprises, it's worth paying the ransom rather than losing their vital corporate data.

Implementing appropriate endpoint security defenses is important to protect organizations from ransomware as a service attacks, but it is not sufficient. The best defense against ransomware as a service attacks is good backup practices. These practices should include backing up all data to disconnected storage media. The disconnected or removable media aspect is particularly important, as the backups themselves could be encrypted by ransomware if the backup files are stored on the infected system. Alternatively, the backups could go to a centralized service where the client can't directly access the backup files and spread the ransomware to them. The data backed up shouldn't just be the files stored on the local hard drive, but any files the endpoint or user has access to over the network, as those files are also vulnerable to malware.
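One way to check a backup plan against the two points above, as an added example that is not part of the original article: it parses a mount table (a constructed sample in /proc/mounts format) and reports writable network shares the backup does not cover and whether the backup destination is writable from the endpoint. The function names, paths and share names are assumptions made for the illustration.

```python
"""Audit a backup plan against an endpoint's mount table (added example)."""
from pathlib import PurePosixPath

# Constructed sample in /proc/mounts format: device, mount point, fs type, options.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
//fs01/finance /mnt/finance cifs rw,user=alice 0 0
//fs01/handbook /mnt/handbook cifs ro,user=alice 0 0
/dev/sdb1 /mnt/usb-backup ext4 rw,relatime 0 0
"""

NETWORK_FS = {"cifs", "smb3", "nfs", "nfs4"}


def parse_mounts(text):
    """Return a list of (mount_point, fs_type, writable) tuples."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        _, mount_point, fs_type, options = fields[:4]
        writable = "rw" in options.split(",")
        mounts.append((PurePosixPath(mount_point), fs_type, writable))
    return mounts


def is_under(path, root):
    """True if path equals root or lies below it."""
    return path == root or root in path.parents


def audit(mounts_text, backup_sources, backup_destination):
    """Report writable network shares the backup misses and whether the
    backup destination sits on a mount this endpoint can write to."""
    mounts = parse_mounts(mounts_text)
    sources = [PurePosixPath(s) for s in backup_sources]
    dest = PurePosixPath(backup_destination)
    # Assumption: a share counts as covered when a backup source contains its
    # mount point; only writable shares are flagged, since those can be encrypted.
    uncovered = [
        str(mp) for mp, fs, rw in mounts
        if rw and fs in NETWORK_FS and not any(is_under(mp, s) for s in sources)
    ]
    # The most specific mount containing the destination decides its exposure.
    # A destination that is not a local path (a remote service) has no owner.
    owners = [m for m in mounts if is_under(dest, m[0])]
    owner = max(owners, key=lambda m: len(m[0].parts), default=None)
    exposed = owner is not None and owner[2]
    return {"uncovered_shares": uncovered, "destination_exposed": exposed}
```

With the sample table, a plan that backs up only `/home/alice` to `/mnt/usb-backup/daily` is flagged on both counts: the finance share is not covered, and the backup drive is still attached and writable.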


This was last published in February 2016


Join the conversation

2 comments


How does your organization handle backing up data in case of a ransomware incident?
It is a bit underwhelming to learn that backups are good defense against malware. (Lowtechtarget?) How about going a bit farther with advice on how to put a managed 'air gap' equivalent between the system and the backup. For example, USBLock by spiceworks.com explicitly claims to protect from ransomware all USB media, including external hard disks, through passwords (apparently -?- password-mediated USB software rather than mounting). I'd like to see a thorough test of that. Also, if physical disconnection is truly required, I'd like to see some cheap and compact USB3 off-on switches which break data as well as power lines; to my knowledge, Amazon until recently sold the only one I've seen (HmbG 1401).