Similar to the way the Zika virus caught the world off-guard with its sudden rise, the world of banking cybersecurity has been rocked by a digital plague of its own—ransomware. Compared to Zika, there’s not as much national attention on ransomware, but it’s a very real threat that exploits a bank’s most vulnerable security gaps. And much as a disease spreads from personal contact, ransomware relies on taking advantage of people, usually via interactions on email or social media.
Ransomware Uses Social Engineering Methods to Infiltrate
Given the choice, criminals will target the easy victim. They’ll break into the car with the keys in the ignition rather than a locked car, because of the simplicity with which they can strike. They want to complete their task in the least amount of time, with minimal risk.
The same holds true for cyber criminals. Although they operate in the digital world rather than the physical realm, they seek the path with the least risk and resistance, and social engineering provides that path. A tool in the cybercrime arsenal since the 1980s, this attack methodology preys on the human instinct to trust and be helpful. Over the last few years, social engineering, which relies on exploiting a human mistake, has gained a treacherous new payload with the introduction of ransomware.
How Does Ransomware Work?
Ransomware, at its core, is a bait-and-switch scam. It typically arrives as what looks like a legitimate email, in the manner of a phishing attempt, but is actually sent by an attacker. The email may contain hyperlinks that lead to malicious or hijacked websites or, more commonly, an attached document carrying a malicious macro. If the recipient opens the attachment or clicks the link, malware installs itself and encrypts the data on that computer along with any network data the user has access to. The legitimate end user, and possibly the entire organization, is locked out of that data until a ransom is paid.
Dangerous Increase of Hacker Sophistication
Over the years, hackers have implemented very sophisticated tactics to proliferate ransomware attacks. In the beginning, they distributed spam emails to gain entrance. But now that email systems are better at filtering spam messages, hackers have turned to spear-phishing emails that target specific individuals.
To choose their target, these criminals scan social media and other public sites for information, typically about key personnel within an organization. The attacker then emails those individuals under the guise of another employee, attaching a document that supposedly needs their attention. Once the attachment is opened, the criminal gains a foothold in the system.
How quickly is this form of digital crime spreading? Since 2005, more than 7,700 ransomware complaints have been submitted to the Internet Crime Complaint Center (IC3), but nearly one-third of that total, 2,453 complaints, was reported in 2015 alone. Cyber criminals have adopted this line of attack because they have figured out that they can monetize their social engineering tactics and paralyze their victims at the same time.
Inoculate Against the Threat with Multiple Layers of Security
As with most viruses, ransomware can be guarded against. By implementing multiple layers of security, you can protect your institution from falling victim to an attack, and if an attack does occur, those layers can reduce its severity.
These six steps provide the foundation of a well-rounded, multi-layered ransomware antidote:
- Educate your employees on best practices for spotting social engineering schemes
- Disable macro scripts from Microsoft Office files sent through email
- Closely manage and review privileges and permissions so that employees have access only to the network resources their job requires. This limits how far a ransomware infection can spread from one compromised account
- Back up data daily, which allows you to recover most of your data instead of recreating it
- Segment your network to avoid having a rogue file wipe out the entire system
- Invest in social engineering and penetration testing to ensure that policies and procedures are updated and up-to-task.
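The step above about blocking macro-bearing Office attachments can be enforced at the mail gateway rather than left to each user. The following is an added example, not code from the original article: a small Python filter that inspects every attachment of an inbound message, detects an embedded VBA project inside a zip-based Office document (Office stores macros as vbaProject.bin, so a .docm renamed to .docx is still caught), and returns a quarantine verdict for macro-enabled or legacy binary Office formats. The sender, recipient, filenames and the sample message are constructed for illustration, and the minimal zip containers built by make_docx are stand-ins for real Word files.

```python
# Added example: a mail-gateway attachment check for VBA macros in Office
# documents (not from the original article). Addresses, filenames and the
# sample message are constructed for illustration.
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Office will open; the macro-enabled ones end in "m".
OFFICE_EXTENSIONS = {".doc", ".dot", ".docx", ".docm", ".dotm",
                     ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx", ".pptm"}
MACRO_ENABLED = {".docm", ".dotm", ".xlsm", ".pptm"}
LEGACY_BINARY = {".doc", ".dot", ".xls", ".ppt"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound-file header of legacy formats


def contains_vba(data: bytes) -> bool:
    """True if a zip-based (OOXML) Office file embeds a VBA project.
    Office stores macros as vbaProject.bin regardless of the file's
    extension, so a renamed .docm still shows up here."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'allow' or a 'quarantine: <reason>' verdict for one attachment."""
    ext = os.path.splitext(filename.lower())[1]
    if ext not in OFFICE_EXTENSIONS:
        return "allow"
    if contains_vba(data):
        return "quarantine: embedded VBA project"
    if ext in MACRO_ENABLED:
        return "quarantine: macro-enabled extension"
    if ext in LEGACY_BINARY and data.startswith(OLE_MAGIC):
        # Policy choice: legacy binary formats can carry macros that this
        # simple check does not parse, so treat them as unverifiable.
        return "quarantine: legacy binary Office format"
    return "allow"


def scan_message(raw: bytes) -> list:
    """Classify every attachment of an RFC 5322 message as (name, verdict)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""
        results.append((name, classify_attachment(name, data)))
    return results


def make_docx(with_vba: bool) -> bytes:
    """Constructed minimal OOXML container (a stand-in, not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00constructed-macro-bytes")
    return buf.getvalue()


def sample_message() -> bytes:
    """Constructed message in the spear-phishing style the article describes:
    a supposed colleague sends an 'invoice' that is a macro document
    renamed to .docx, alongside two harmless attachments."""
    word_subtype = "vnd.openxmlformats-officedocument.wordprocessingml.document"
    msg = EmailMessage()
    msg["From"] = "Jane Doe <jane.doe@example-bank.test>"
    msg["To"] = "treasury@example-bank.test"
    msg["Subject"] = "Invoice needs your sign-off today"
    msg.set_content("Please review the attached invoice before 3pm.")
    msg.add_attachment(make_docx(True), maintype="application",
                       subtype=word_subtype, filename="invoice.docx")
    msg.add_attachment(make_docx(False), maintype="application",
                       subtype=word_subtype, filename="agenda.docx")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="policy.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(sample_message()):
        print(f"{name:14} -> {verdict}")
```

Run stand-alone, the script quarantines invoice.docx (embedded VBA despite the harmless-looking extension) and allows agenda.docx and policy.pdf. Treating legacy .doc/.xls files as unverifiable is a deliberate policy choice for a gateway; an institution that still exchanges those formats would route them to a sandbox or a fuller parser instead of dropping them outright.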
Now is the time to make sure your institution avoids falling victim to this digital plague. Harden your defenses so that cyber criminals move on to easier targets.