Confidence Low in Ransomware Recovery 

Thursday, September 1, 2016 @ 04:09 PM gHale


As ransomware and phishing attacks increase in frequency and sophistication, security professionals remain apprehensive in their organizations’ abilities to protect themselves.

When asked if their companies could recover from a ransomware infection without losing critical data, 34 percent of the respondents said they are “very confident” they could do so, according to a Tripwire survey of over 220 information security professionals who attended Black Hat USA 2016 in Las Vegas in early August.

RELATED STORIES
Ransomware Masked as Rockwell Update
German Nuke Infected with Malware
Gold Mining Company Hacked
Ransomware Attack Hurts MI Utility

Tripwire asked the same question at RSA Conference 2016 and Infosecurity Europe 2016, finding 38 percent and 32 percent of respondents were “very confident,” respectively.

“Successfully recovering from ransomware is well documented, whether through data recovery to paying ransom,” said Travis Smith, senior security research engineer at Tripwire. “It’s important for businesses to understand the costs associated with data recovery so that they’re prepared for a ransomware infection. Follow the 3-2-1 data backup rule: Gather three copies of the data on two different types of media, with one of these copies stored off-site.”

The FBI has reported ransomware attacks amassed over $200 million during the first three months of 2016, signaling that cyber criminals are on track to gain over $1 billion through ransomware by the end of the year. In addition, nearly 40 percent of businesses experienced ransomware attacks between June 2015 and June 2016, according to research from Malwarebytes. Ransomware infections can spread through a variety of tactics, including spear-phishing, malvertising, and exploit kits.

Additional findings from the survey included:
• 53 percent of the respondents were confident their executives could spot a phishing scam. Only 48 percent of the respondents at both the RSA Conference 2016 and Infosecurity Europe 2016 answered similarly.
• 19 percent of the respondents considered ransomware one of the top two security threats their organizations face.
• 22 percent of the respondents considered phishing one of the top two security threats their organizations face.

“Training is a vital aspect of preventing successful phishing attacks, especially as spear-phishing and ‘whaling’ campaigns can be more difficult to detect,” Smith said. “It’s increasingly important for executives and high-profile employees to be prepared. Users should assume links and attachments are guilty until proven innocent; verify the sender’s intent before trusting their data.”

This past July, there was a direct attack against the manufacturing automation industry when a ransomware attack hit posing as an Allen-Bradley update.

In an email obtained by ISSSource.com, Rockwell Automation was aware of the attack and issued a response warning its users of the issue.

The note from Rockwell said:

“Rockwell Automation has learned about the existence of a malicious file called ‘Allenbradleyupdate.zip’ that is being distributed on the Internet. This file is NOT an official update from Rockwell Automation, and we have been informed that this file contains a type of ransomware malware that, if successfully installed and launched, may compromise the victim’s computer. This advisory is intended to raise awareness to control system owners and operators of reports of the file’s existence as a result of reports Rockwell Automation received from the Electricity Information Sharing and Analysis Center (‘E-ISAC’).”

The release went on to say, according to the September/October 2015 issue of the ICS-CERT Monitor, “Ransomware, such as Cryptolocker or TeslaCrypt, is currently one of the most prolific categories of malware growth, rising 165 percent in varieties seen between the fourth quarter of 2014 and the first quarter of 2015″.

Rockwell reiterated this was not a vulnerability that affected Rockwell Automation products.