IBM has dubbed 2015 the ‘year of ransomware’, after it noted this is the most common type of incident that its security Emergency Response services teams have encountered since January.
In the company’s latest quarterly threat report, it stated that there is a widespread belief among both businesses and criminals that this is a profitable form of cyber attack, and as such it will remain common into 2016 and beyond.
Ransomware attacks can be divided into two broad categories, IBM noted. The first simply locks a system and tricks the user into thinking they need to pay a ransom to recover their data. The second, more dangerous type, actually does encrypt key files and often leaves businesses feeling they have no choice other than to pay up in order to receive the decryption key.
The report observed there are a number of factors that frequently crop up among affected organisations.
Firstly, it noted that companies that do not back up their key data are especially vulnerable, which IBM observed it a surprisingly common situation. If users cannot turn to other sources to recover their encrypted data, they will need to reassess their security processes and methodologies.
Poor patching procedures are another common cause of ransomware. “High-severity software patches that should be applied within hours are sometimes applied months later, or not applied at all,” the report stated. “A well-known infection vector of ransomware can exploit unpatched operating system vulnerabilities to give attackers access to the system resources they want to lock or the data they want to encrypt.”
Thirdly, a lack of user awareness of the risk is another common cause, with IBM noting that if individuals are not aware of safe computing practices, they can undermine security systems just by clicking on the wrong link or visiting an insecure website.
The impact of such attacks can vary widely, depending on the size of the organisation and how prepared they are for such an eventuality.
“In the worst cases, mostly among small to midsized businesses, ransomware attacks can be devastating, causing a complete shutdown of business,” the report warned.