E R T N
P
X
E INIO
OP
Ransomware
is a booming
business –
make sure you don’t
get stuck with
the bill
Simon Townsend, CTO – EMEA Ivanti, discusses how
cybercrime has become a booming business over the
last few years and offers advice to organisations to help
defend against this growing and ever-evolving threat.
T
he dependence
of 21st century
organisations on
technology opens
the door to a
very dangerous
business risk –
the growing threat of cybercrime, with
ransomware being one of the costliest
weapons at a criminal’s disposal. This
claim is backed up by commercial data
consultancy Dun & Bradstreet which
saw the second largest global business
risk in Q2 2018 as organisations’
dependence on, and heightened
connectivity to, technology, leading
to more frequent and more damaging
cybersecurity issues.
The recent onslaught of ransomware has
pushed many organisations to tighten up
their cybersecurity measures in order
to prevent these attacks from taking
www.intelligentciso.com
|
Issue 06
Simon Townsend,
CTO – EMEA Ivanti
place. Unfortunately, cybercriminals
are tech-savvy, so are able to evolve to
work around many defences, modifying
their methods in order to continue with
their attack campaigns. The only way to
properly protect against these attacks
is with a defence in depth strategy that
ensures no one security control is a
point of failure, as well as an internal
security culture embedded throughout
the organisation.
Why ransomware?
Ransomware has been around for a long
time. The first attack saw Joseph Popp
PhD hand out 20,000 infected floppy
disks to attendees of the World Health
Organisation’s AIDs conference in 1989.
Along with the disks, Popp also handed
out leaflets that warned the software
would ‘adversely affect other program
applications’ and that victims would ‘owe
compensation and possible damages to
PC Cyborg Corporation’.
Victims would have to send US$189 to
a PO box in Panama if they wanted their
files back. Arguably, Popp was also an
early example of an Internet troll.
Yet, as technology developed and the
public got more savvy over the following
decades, security pros can be excused
for believing that ransomware became
a bit of a cybercrime dinosaur – Popp’s
ransomware, for example, was incredibly
easy to decrypt and it wasn’t impossible
to track down the owner of a PO box.
However, the rise of cryptocurrency
triggered a technological Jurassic
Park, as demanding ransoms suddenly
became something that cybercriminals
could do completely anonymously,
without any risk of being tracked down.
41