Ransomware is getting an upgrade. The future of ransomware is coming, and while it’s bad news for organizations, it stands to be highly profitable for cyber-criminals.

What Makes Ransomware 2.0 Different?

While Ransomware 1.0 attacks were simplistic and haphazard, Ransomware 2.0 is likely to employ more specific, highly-targeted attacks against predetermined organizations. According to Klick, “The future attacks that worry experts will instead be highly-specialized, tailored to the unique weaknesses of a particular organization.”

Ransomware 1.0 attacks were low risk, low reward. Hackers would spread malicious code to as many devices as possible in the hope that at least a few users would pay up. But things have changed: there are now far too many bad actors plying their illegal trade, and many users have lost any hope that paying a ransom will restore their systems if affected.

As a result, would-be attackers must change their game. The market for “spray and pray” malicious software seems to be dying, so they will have to switch strategy to keep turning a profit. That means investing more time and energy into nearly customized attacks aimed at specific organizations. So while we may see fewer mass-market attacks, the attacks we do see will be highly specific and potentially devastating if successful.

It’s likely that Ransomware 2.0 will employ multiple types of attacks, much like the WannaCry attack of mid-2017, which combined ransomware with a worm. While the ransomware component encrypted files and demanded payment, the worm component enabled the software to spread to other systems on a compromised network. Combining multiple types of attacks isn’t unheard of. In fact, PhishMe reported that 93 percent of phishing emails carried ransomware in Q1 of 2016.

What’s at Risk?

Medical devices and the internet of things within the healthcare industry are specifically at risk. Medical devices may be of specific interest to cyber-criminals because they are vulnerable by nature, and, if not segmented properly, may allow access to other parts of an organization’s network.

How to Defend Yourself Against Ransomware 2.0

Defending yourself against Ransomware 2.0 mostly comes down to common security practices you’re likely already following. Here are the three main components of your strategy against Ransomware 2.0.

  1. Build strong defenses. Implement network segmentation so that IoT and medical devices are not on the same network as PCs, laptops, and databases. Additionally, make sure you’re using proper authentication protocols for access to the network: while segmentation may help contain an intruder, strong authentication may prevent one from getting in at all. Finally, encrypt data wherever possible, both at rest and in transit, so that it is unreadable without the key (and make sure the keys themselves are stored securely, too!).
  2. Monitor and maintain those defenses. A Windows patch closing the vulnerability WannaCry exploited had been available for two months before the attack. Had organizations patched their software, they would not have been affected. Implement controls that automate patch management, and follow them. Additionally, use IDS/IPS and file integrity monitoring (FIM) systems to monitor the network and identify when and where suspicious activity occurs. Catching this early may allow you to contain a threat before it spreads to more sensitive areas of your network.
  3. Plan for the worst. The biggest risk to your organization’s security is lack of awareness. If you don’t know where your network is weak, you can’t implement proper controls to strengthen it. The medical device field is consistently growing, and with each introduction of a new device comes an additional threat to your security. Perform risk assessments regularly to identify both known and new security risks, and define the controls you will implement to address them. Finally, perform regular security awareness training for employees. Make sure all relevant employees are aware of security risks to the organization, as well as actions they should take if they encounter threats to the organization’s security.
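Item 2 above recommends file integrity monitoring (FIM) as a way to spot suspicious activity early. The following is an added example, not code from this post or from LBMC's BALLAST product, of the core of such a monitor: it hashes every file under a directory to build a baseline, compares a later snapshot against it, and raises an alert when the share of baseline files that were modified or deleted crosses a threshold, which is the signature of ransomware encrypting a file share in bulk. The directory tree, the "benign edit" and the "mass change" it runs through are constructed inside a temporary directory purely to exercise the logic; the 50 percent alert threshold is an assumed starting point that a real deployment would tune.

```python
"""Minimal file integrity monitor (FIM) with a mass-change alert.

Added example (not from the original article). Builds a SHA-256 baseline of a
directory tree, diffs a later snapshot against it, and flags a ransomware-like
event when too many baseline files changed or disappeared at once.
"""
import hashlib
import math
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (POSIX-style relative path) to its hash."""
    baseline = {}
    for entry in sorted(root.rglob("*")):
        if entry.is_file():
            baseline[entry.relative_to(root).as_posix()] = hash_file(entry)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify each path as modified (hash changed), added or deleted."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    deleted = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "deleted": deleted}


def assess(diff: dict, baseline_size: int, threshold: float = 0.5):
    """Return (alert, ratio). Ransomware rewrites or renames many files in a
    short window, so the fraction of baseline files modified or deleted is the
    signal; the threshold is an assumed value to be tuned per environment."""
    if baseline_size == 0:
        return False, 0.0
    changed = len(diff["modified"]) + len(diff["deleted"])
    ratio = changed / baseline_size
    return ratio >= threshold, ratio


def demo() -> dict:
    """Constructed scenario: baseline ten files, apply one benign edit, then
    simulate a bulk rewrite-and-rename of every file, and assess both diffs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        records = root / "records"
        records.mkdir()
        for i in range(10):
            (records / f"patient{i}.txt").write_text(f"record {i}\n")
        baseline = build_baseline(root)

        # Benign change: a single record is updated.
        (records / "patient0.txt").write_text("record 0 updated\n")
        benign = compare(baseline, build_baseline(root))
        benign_alert, benign_ratio = assess(benign, len(baseline))

        # Simulated mass change (constructed): every file overwritten with
        # placeholder bytes and renamed with a new suffix, as an encryptor would.
        for i in range(10):
            original = records / f"patient{i}.txt"
            original.write_bytes(b"\x00" * 32)
            original.rename(original.with_name(original.name + ".locked"))
        mass = compare(baseline, build_baseline(root))
        mass_alert, mass_ratio = assess(mass, len(baseline))

    return {
        "benign": benign, "benign_alert": benign_alert, "benign_ratio": benign_ratio,
        "mass": mass, "mass_alert": mass_alert, "mass_ratio": mass_ratio,
    }


if __name__ == "__main__":
    result = demo()
    print("benign edit  -> alert:", result["benign_alert"], "ratio:", result["benign_ratio"])
    print("mass change  -> alert:", result["mass_alert"], "ratio:", result["mass_ratio"])
    print("mass change deleted:", result["mass"]["deleted"][:3], "... added:", result["mass"]["added"][:3])
```

In the benign case only one of ten files changes, so the ratio is 0.1 and no alert fires; in the mass-change case every original path disappears and ten new `.locked` paths appear, so the ratio is 1.0 and the alert fires. Counting deletions as well as modifications matters because ransomware that writes encrypted output to a new name looks like "ten deletions plus ten additions" rather than "ten modifications". A production FIM would persist the baseline somewhere the monitored host cannot overwrite it and would run the comparison on a schedule rather than on demand.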

If the worst does happen, and your organization falls prey to the efforts of cyber-criminals, make sure you have a plan in place to recover effectively from a ransomware attack. Preparing for Ransomware 2.0 isn’t complicated, but it’s not easy, either. As medical devices grow in popularity, your risk increases, and so does your responsibility.

BALLAST simplifies Ransomware 2.0 preparation by streamlining risk assessment. With a simplified process, you’ll be able to spend less time assessing risks and more time managing them. If you’re ready to start protecting your organization from Ransomware 2.0 as simply as possible, let our team know, and we’ll show you exactly how BALLAST can help.

Mark Fulford

Mark Fulford, CISSP, CISA, ABCP, CRISC, is a Shareholder in the risk services division of LBMC, PC. With nearly 25 years of experience in information security audit and compliance, Mark understands how to translate technical jargon into actionable intelligence. With significant experience in healthcare, his expertise includes assisting companies with Sarbanes-Oxley, HIPAA & PCI, HITRUST compliance, as well as providing assurance to clients and their stakeholders through SOC 1 and 2 reporting engagements. More recently, his focus has been on helping organizations identify and manage information security risks through both guided and automated risk assessment techniques.