
On July 10th, we at The State of Security published our June 2016 ransomware roundup.

It was a busy month for ransomware authors. The security industry witnessed the comeback of Locky, the rebranding of CryptXXX as UltraCrypter, and the emergence of educational ransomware, among other developments. Experts also saw some variants make unusually high ransom demands of their victims. (That means you, MIRCOP.)

Ransomware is on the rise. Even so, it’s not a zero-sum game. As the number of crypto-malware variants grows, so too does the level of ransomware awareness among security professionals.

That’s one of the major findings of a survey conducted by Tripwire at Infosecurity Europe 2016, which took place June 7-9 at the Olympia Conference Centre in London.

For its survey, Tripwire asked 400 security professionals to weigh in on the evolving ransomware threat. 93 percent of those surveyed said they expect crypto-malware attacks to continue to escalate, while more than half (56 percent) of respondents identified ransomware as a top concern for their organizations.

That concern raises the question: how can companies protect themselves against ransomware?

To help defend against an infection, organizations can consider implementing email filtering solutions, conducting security awareness training with their employees, and investing in other prevention measures.

But prevention only goes so far. Indeed, according to Travis Smith, senior security research engineer for Tripwire, it’s only half the battle:

“Ransomware delivers a great return on investment, so it’s not surprising that it is expected to be a growing problem for the foreseeable future. While prevention is the goal for every organization, being able to respond to an infection is every bit as important.”

Unfortunately, many organizations aren’t prepared to respond to an infection.

In the absence of a response and recovery plan, security practitioners can’t ensure the restoration of critical data that might have been encrypted. Tripwire found that only 32 percent of respondents to its Infosecurity Europe survey felt “very confident” they could recover business-critical data. That finding is consistent with how security personnel responded to another survey conducted by Tripwire at RSA Conference 2016.

Data recovery plans take many different forms, but each and every one of them should begin with a data backup component. Smith elaborates on what companies can do to establish a robust data backup plan:

“Following the 3-2-1 backup rule is a good first step to prepare for a ransomware infection. You will need to have three copies of your data on two different types of media, with at least one of those copies being stored off-site. Organizations should continually test recovery procedures on these backups to keep the cost of restoring data as low as possible. In the end, paying a ransom may be determined by these efficiencies.”


  • “Following the 3-2-1 backup rule is a good first step to prepare for a ransomware infection. You will need to have three copies of your data on two different types of media, with at least one of those copies being stored off-site. Organizations should continually test recovery procedures on these backups to keep the cost of restoring data as low as possible. In the end, paying a ransom may be determined by these efficiencies.”

    The majority of ransomware infections that I have encountered on the job affected a single workstation or department and their file server. While it was possible to recover the file server from backup, nothing could be done about the workstations. In some cases, the user lost critical work stored on the local hard drive.

    The idea that any IT department has a 3-2-1 plan for workstations seems challenging. Should workstations (laptops in many places) have externally attached storage?