18 DISASTER RECOVERY JOURNAL | SUMMER 2016
be even tempted to pay the fine to not
escalate issues if they have been downloading items.
In many cases, paying the ransom is
a “yes” decision for a company.
That’s because ransomware is largely
automated, demanding around $500 in
exchange for the decryption key for all
employees. Companies can quickly do
the math and consider the alternative:
a whole day’s downtime and
loss of income while still paying out
employee salaries. Many companies
choose the pay option and then seek to
implement the right security measures
to mitigate future attacks.
In summary, ransomware is becoming more and more of a problem for
companies, who are implementing their
business continuity plans more
often to deal with the temporary
freeze on data. It is important for
all companies to have a ransomware response plan in place.
Dr. Michael C. Redmond,
PhD, MBCP, FBCI, CEM,
PMP, ISO 27001, ISO 27035,
ISO 27035, ISO
21500 and ISO 41001 certified, PECB certified instructor, retired major (US Army),
is CEO and lead consultant
for Redmond Worldwide www.
Redmond is an international consultant, speaker, author, and trainer.
She has helped international organizations create great Cyber Incident
Response (CSIRT) programs, plans,
and playbooks; security information
and event management (SIEM) programs; and compliance programs.
Redmond has two books coming out
this year on cyber security and business continuity. Redmond has a
“Basic Cyber Security” audio
training series and workbook
available at www.rwknowledge.com, for which Disaster
Resource Guide grants six
continuing education units.
Her LinkedIn profile is https://www.linkedin.com/in/
Vibhav Agarwal is senior manager
of product marketing at MetricStream.
Agarwal has more than 12 years of
progressive experience in cybersecurity and business resilience product
marketing, cloud-based enterprise software deployment and vendor selection across hi-tech, trading,
capital markets, and Internet domains.
Protect Your Business
As a BC/DR professional, you are without a doubt aware that ransomware has impacted many businesses over the past few years. Downtime associated with ransomware
can be costly.
The malware, which encrypts
data on infected systems, has
become a lucrative tool for cyber
extortionists. In a recent study conducted
by security software vendor McAfee Labs,
researchers identified more than 4 million
samples of ransomware in Q2 of 2015
alone, including 1.2 million new samples.
That compares with fewer than 1.5 million total samples in Q3 of 2013 (400,000
new). So, yeah, ransomware is on the rise
and you need to prepare for it.
There are a few dominant types, or
families, of ransomware in existence. Each
type has its own variants. It is expected
that new families will continue to surface,
because ransomware is constantly evolving to avoid detection by security software
products. Cyber criminals behind ransomware are constantly adapting code to stay
ahead of the curve. Historically, Microsoft
Office, Adobe PDF, and image files have
been targeted, but additional data will
be targeted as ransomware continues
to evolve. Cyber extortionists typically
request payment in the form of Bitcoins,
and the standard ransom is about
That relatively low sum is part
of the reason ransomware has
become so popular among hackers.
It’s small enough that many victims
will simply pay to regain access to
files. However, criminals target massive numbers of victims, which can lead
to big profits. The original CryptoLocker
botnet was shut down in May 2014, but
not before the cybercriminals behind it
extorted nearly $3 million from victims
in under a year. Also, the majority of ransomware attacks go unreported to law
enforcement, so there is little dissuading hackers from using it.
Spam is the most common
method for distributing ransomware. It is generally spread
using some form of social engineering; victims are tricked into downloading
an e-mail attachment or clicking a link.
Sometimes, ransomware uses scare tactics
such as claiming that the computer has
been used for illegal activities to coerce
victims. Once the user takes action, the
malware installs itself on the system and
begins encrypting files. Another common
method for spreading ransomware is a
By ROBERT GIBBONS