Netflix and Greenway Health became crime victims the same week in April that Verizon released its tenth annual Data Breach Investigations Report on 2016’s leading cyberattack trends. The headline grabber was this:
The number of ransomware attacks doubled in 2016 to the point where 51% of all cyberattacks involved ransomware.
Hackers hijacked the release of Netflix prison dramedy Orange is the New Black, holding the new season hostage for a “modest” ransom. The streaming entertainment company refused to pay and the attackers released the episodes.
Greenway Health suffered a true ransomware attack that impacted access to the Electronic Health Records of 400 client organizations, which had to revert to manual processing of health records. Greenway’s security team worked around the clock to try to restore access while also working to determine how the attack occurred.
Both attacks come with more than obvious financial consequences. Netflix could take a financial hit because of the popular series being available for free. Greenway could run afoul of government regulators that view successful ransomware attacks as HIPAA violations. Having a television series released early is an inconvenience; not being able to access medical records is life-threatening.
Netflix is an anomaly when it comes to ransom targets. Public institutions – government agencies, schools, transit agencies, even state legislatures – were the most popular targets of malicious hackers looking to make a quick bitcoin. Number Two on the hit list were healthcare companies like Greenway. Third were Financial Services groups who tend to have more sophisticated cybersecurity defenses, but can’t always keep up with the never-ending barrage of attacks or pace of security patches required to protect their systems.
The Verizon report makes it clear, too, that ransomware is more than just a “big company” problem. More than 60% of the 2016 attacks were against SMB companies with fewer than 1,000 employees. These are organizations that are less likely to have the in-house resources to mount a vigorous cybersecurity defense.
There are basic steps any organization can take to protect against or respond to ransomware attacks: back up your data, keep your defenses up to date, train your staff, and share information with the cybersecurity community. These are all good steps, but they are not good enough in an era of highly sophisticated attacks.
Attack vectors change often, and new software vulnerabilities that hackers can exploit are found daily. Updating blacklists and whitelists and patching new vulnerabilities, often found in open source components, are never-ending tasks that few organizations are equipped to handle on a timely basis.
New technologies can effectively block attempts to hold you hostage
Waratek’s application security platform can effectively block all ransomware infections along with other common attack vectors, including the 2013 OWASP Top Ten. Unlike traditional cybersecurity approaches, Waratek does not sit outside vulnerable applications watching the traffic flow in and out in search of the tell-tale signs of an attack.
We are inside an application and can see how each request is executed in real time. If the operation deviates from what’s permitted, that’s flagged as an attack and the action is blocked before any mischief can be done.
Our virtualization approach offers the ability to improve security without the side effects of most current solutions – a high false alarm rate and/or a big drag on the speed of an application. We never need access to your application’s code and you don’t have to routinely tune our solution. Ever.
Ransomware may be the attack currently favored by hackers, but there’s no longer a reason businesses and other organizations should fear becoming a hostage.
John Matthew Holt is the Founder and CTO of runtime application security firm Waratek. He holds more than 60 patents related to virtualization and runtime protection.