Virtualization Technology News and Information
VMblog's Expert Interviews: Richard Walters of Intermedia Talks about Ransomware


Last week, Intermedia released its 2016 Crypto-Ransomware Report, which was conducted by a third-party research firm. The report, which surveyed nearly 300 IT consultants across the US, found that ransomware is targeting SMBs and enterprises alike, often bringing business operations to a halt for at least two days in the event of an outbreak.

To find out more about this topic, I spoke with Intermedia's SVP of security products, Richard Walters.

VMblog:  When did ransomware emerge, and why is it such a threat today?

Richard Walters:  Ransomware first emerged in 2005, posing as misleading apps and fake antivirus tools to alarm its targets. Its victims were asked to pay a fee to resolve the fabricated issues. Eleven years later, the most pervasive threat is Crypto-ransomware, which encrypts files and forces victims to pay a ransom to unlock the stolen files. Computers with increasing processing power - allowing criminals to encrypt files in only a few hours - in conjunction with the rise of anonymous payment systems such as the untraceable Bitcoin, are behind the recent proliferation of ransomware attacks.

According to our recent 2016 Crypto-Ransomware Report, 48% of IT consultants witnessed an increase in ransomware-related support inquiries and 59% expect the number of attacks to increase this year. The threat is very real and beginning to target companies of all sizes. 

VMblog:  When a company is hit with ransomware, what options do they have to regain access to their files?

Walters:  Falling victim to ransomware means you are left with two choices: either spend multiple days recovering the locked files from backups or pay ransom to a cyber criminal. If you choose not to pay the ransom, business operations are often halted for at least two days. Opting to pay the ransom encourages criminals to continue this type of attack. It's by no means an easy decision. While this can feel like a daunting decision, what companies are able to control is how well prepared they are for an attack. Proper business continuity solutions are designed to get companies back up and running in very little time. To combat ransomware specifically, users need to be able to instantly roll back their file archive to clean versions and access their files from alternate devices. This allows companies to get back to work immediately following a ransomware outbreak; not to mention, avoid having to pay the ransom.

VMblog:  What are companies' biggest concerns over ransomware?

Walters:  Topping the list of business concerns is downtime, not paying the ransom. Companies simply can't afford the business impact of operations being at a standstill. Our report found that 72% of business users lost access to data for at least two days. This can have a detrimental effect on productivity, sales and even brand reputation. When a business continuity plan is not in place, businesses are left in a desperate position, trying to get back up and running as fast as possible, and to recover as many files as they can.

VMblog:  What types of businesses are at risk of falling victim to ransomware?

Walters:  Contrary to conventional thinking, ransomware attacks are targeting businesses of all sizes. According to our report, 60% of businesses hit by ransomware had more than 100 employees. Additionally, 75% of outbreaks affected three or more people, and 47% of outbreaks spread to at least 20 people. Larger companies present greater opportunities for cyber criminals, as they have more potential targets for the outbreak to spread to, and generally more money to hand over. No business is safe from this growing threat.

VMblog:  How can companies properly prepare for a ransomware attack?

Walters:  It's important that companies educate employees on ransomware, seeing as the most common infection vector for ransomware is email - similar to phishing attacks. Therefore, employees and executives should be trained to spot suspicious emails. Additionally, employees should be taught to close their computer immediately in the event of a suspected ransomware attack versus trying to figure out a solution on their own. Taking the infected device to IT immediately will help to contain the outbreak. The human element plays a key role in identifying threats like phishing and ransomware. In addition to education, companies need to help ensure their email defense software is also able to recognize and block malicious messages.

To mitigate the impact of ransomware, we recommend creating external distribution lists, blocking zip files and other attachments, and implementing a business continuity strategy. Planning is essential to combating ransomware. Just as a company prepares for a natural disaster, companies should be well prepared for a ransomware attack and have a thorough business continuity plan in place so that when the time comes, the decisions won't be as difficult to make.

VMblog:  Should businesses pay the ransom?  And what should they consider when making this decision?

Walters:  Businesses' first instinct shouldn't always be to pay the ransom. Each ransomware outbreak should be evaluated on a case-by-case basis. If a company is able to roll back to clean versions of the files and access them through alternative devices, then the need to pay the ransom disappears. But if a company does not have a fully-baked business continuity plan in place, they may decide to pay the ransom to get the files back to avoid downtime. Businesses also must understand that paying the ransom doesn't guarantee they'll get their files back. Our 2016 Crypto-Ransomware Report found that 19% of ransomware pirates didn't provide what was needed to restore the files once they'd received payment.


Thank you to Richard Walters, SVP of security products at Intermedia, for taking time out to speak with VMblog about the topic of ransomware.

Published Thursday, March 24, 2016 6:33 AM by David Marshall