In November 2016, the 900-student school district in Bigfork, Montana found itself in the midst of a cyber attack. A self-replicating computer virus was working its way through the schools’ servers, encrypting information as it went.
Even worse, the attackers left behind a message demanding that almost $10,000 be paid as a ransom to decrypt the files. The school district begrudgingly paid the sum; ultimately, $10,000 was a far cheaper alternative than trying to meticulously rebuild and recreate the data that had been encrypted.
Unfortunately, ransomware attacks like the one Bigfork suffered are on the rise, prompting industry and government experts to warn companies of the danger and of the need to take immediate steps to protect their networks.
The Rise of Ransomware Attacks
According to a report by PhishMe, ransomware attacks in 2016 rose some 600% over 2015. In analyzing over 2,500 phishing attacks in 2016, PhishMe found that 90% of them used ransomware, resulting in some $1 billion being paid to cyber attackers.
Unlike many other kinds of attacks, which may primarily target individuals, ransomware is often directed at organizations because the payout is higher. With day-to-day operations on the line, it is often cheaper to pay the ransom than to attempt to combat the attack or wait on law enforcement to assist.
How Ransomware Works
In many ways, ransomware is spread like many other kinds of computer viruses or trojans. According to the FBI, ransomware often relies on user interaction, such as opening an attachment in an email or clicking on a link that infects the target computer with malicious code.
Even more disconcerting, however, is how some recent attacks have grown in sophistication, eliminating the need for victim interaction.
“These criminals have evolved over time and now bypass the need for an individual to click on a link,” according to FBI Cyber Division Assistant Director James Trainor. “They do this by
Ultimately, the FBI and many computer experts advise against paying a ransom since there is no guarantee that cyber attackers will follow through and unlock any encrypted files. Instead, an emphasis is placed on preventing ransomware attacks.
The FBI recommends a two-pronged approach:
- Using a combination of employee awareness training and technical tools to prevent attacks from happening; and
- A solid business continuity plan to help an organization continue operating—without paying a ransom—should an attack successfully occur.
This is related to a general principle around cyber security that is becoming more and more important. It is impossible to predict and prevent every single attack and to build enough “walls” and “fences” to permanently keep the fraudsters and cybercriminals out. By definition, they are always one step ahead, and so building resilience and real-time threat detection
Behavioral biometrics enable this. By flagging suspicious behavior, whether it comes from a human or not (malware, robotic activity, aggregator, Trojan), behavioral biometrics provide a real-time, actionable risk score that can stop fraudulent activity in its tracks.