Published in Security
The bull market for bitcoin is catching a lot of attention. Most notably among hackers. This is why the cost of a ransomware attack was expected to grow 1500 percent between 2015 and 2017 to a predicted $5 billion. Some expect costs to rise to $11.5 billion in 2019.
Others saw a drop in ransomware toward the end of 2017, as cryptojacking continued to grow in popularity; hackers are stealing CPU bandwidth through compromised websites or malware.
One locks down your systems, the other slows them down. Both feed hackers’ appetite for cryptocurrency. Here’s how to stop them.
Companies are stocking up on cyrptocurrencies to pay off hackers
The ransomware epidemic has gotten so bad that companies are proactively buying bitcoin just in case they have to pay up to get their systems back.
A recent Qualtrics survey of 510 IT decision-makers found that 53 percent had purchased cryptocurrency like bitcoin as a precaution against ransomware attacks. More than half (51 percent) said their organization had stockpiled $100,000 or more in cryptocurrency, with 12 percent purchasing $1,000,000 or more.
The average ransom payment is $1,077, but the cost can quickly skyrocket when multiplied by the number of locked machines. Nearly 73 percent of the respondents work at organizations with more than 1,000 employees. You do the math.
When Hancock Health Hospital’s systems were held ransom in January, one hospital executive noted that “the amount of the ransom was reasonable in respect to the cost of continuing down time and not being able to care for patients.”
Hancock Health was forced to pay up since its backups were compromised, but paying the ransom also seemed like the best choice. The cost was competitive compared to the effort required to get systems back up and running on its own. That made it a lucrative payday for hackers and a tough decision for the organization.
Do this so you don’t have to stock up on cryptocurrency
While not recommended, ultimately, paying a ransom is an executive and board decision. But instead of purchasing cryptocurrency in advance, efforts should focus on prevention.
Don’t ignore the basics:
- Back up your critical data at an interval that makes sense. For some businesses, backing up once a day is fine. Others might need to back up every hour.
- Segment your backups from the rest of your network so they aren’t infected along with other devices. Hancock Health learned this the hard way.
- Use tools to spot ransomware, like file-integrity monitoring services or security information and event management (SIEM) services.
- Educate your employees on how to spot and report phishing emails before they click any suspicious links.
- Test your disaster recovery plan and process to make sure it will hold up under a real-world attack.
If you take steps ahead of time to prevent and quickly mitigate ransomware, there’s no reason to stockpile cryptocurrency.
But you do have to watch out for the newest scheme, which has grown more prevalent in the last year: cryptojacking.
What is cryptojacking?
Cryptojacking is secretly hijacking processing power to mine cryptocurrencies.
It can be done through compromised websites or through malware that can spread across a network and create a botnet dedicated to mining. It’s a more subtle and lucrative way to steal than locking down an organization’s devices.
Adylkuzz, a cousin to the ransomware WannaCry, spread quietly last spring, and could have produced more than a million dollars for its creators.
Now more than 4,200 government websites around the world are said to be compromised and mining Monero. The attacks are stealing processing power from prominent companies too.
Large botnets, once feared for their ability to level massive DDoS attacks, are now raking in cash. The Smominru botnet, for example, has infected 520,000 machines and has already mined $2.3 million in Monero.
How to guard against cryptojacking
While cryptojacking may seem less impactful than ransomware which completely shuts companies out of their systems, it does take resources away from systems critical for business.
Guarding against cryptojacking, like guarding against ransomware, comes down to the basics:
- Install security patches.
- Set strong passwords, and don’t reuse them.
- Train employees in security awareness.
- Harden systems.
- Set strong egress filtering to block outbound connections to command and control servers, and monitor for those connections to alert on attacks.
- Segment networks to protect against propagation of malware.
- Maintain clean backups for quick and easy restoration.
As long as there’s money to be made, criminals will do their best to exploit every vulnerability. With bitcoin and other cryptocurrencies so highly valued, this will be an attack we’ll see for a while. Prepare accordingly.
Cryptocurrencies and criminals
It’s pretty obvious why criminals like cryptocurrencies. They can be used anonymously, they’re increasingly easy to use, and they’re surging in value – what’s not to like?
Your organization is often what’s standing between criminals and the payments they seek. With a focus on cybersecurity basics, you can avoid becoming the next victim and funding further exploits.
Learn more about how to make your business more resilient against cyberthreats.