Updated: Although the TV industry discussion about cybercrimes usually relates to video piracy, recent events involving ransomware show that is not where the danger ends.
Ransomware does exactly what it says on the tin. Once downloaded and a machine is infected it boots up and locks and encrypts a victim’s computer data; the criminals then send a ransom demand to restore access.
It’s a crude tactic but an effective one (and some of the software and techniques involved are anything but crude and are actually very sophisticated indeed). And as remote working has proliferated in recent months due to the pandemic and attack surfaces have increased as a result, so the ransomware incidents are on the rise.
So serious have the attacks been in the US, that FBI Director, Chris Wray, has compared their impact to 9/11.
There have been a lot of them too. High profile recent attacks include the JBS USA meat processing company, Colonial Pipeline (which paid $5m to regain access to its gas pipeline), and then, in June, the TV stations got hit.
As NBC News put it: “First it was gas. Then it was meat. Now it’s local television stations.”
Three stations owned by the Cox Media Group in the US were taken out in an apparent attack: ABC affiliates WFTV in Orlando, Florida, and WSOC in Charlotte, North Carolina, as well as NBC affiliate WPXI in Pittsburgh. Staff were told to shut down all company computers and phones and were left using their personal phones to speak to each other. Cox Media has not commented publicly on the issues but the full recovery process was measured in weeks not days.
And, while not media specific, the Kaseya ransomware attack from early July has already become notorious when hackers infiltrated the Florida-based IT firm, seized data, and demanded $70m for its return. As a service provider to many other companies, the attack on the Kayesa network took down somewhere between 1500 and 2000 businesses worldwide, from supermarkets in Sweden to schools in New Zealand.
The 5 main types of ransomware
There are five main types of ransomware:
- Crypto-malware: Encrypts the user’s files and demands ransom, often removing backups. Sophisticated crypto-malware uses advanced encryption methods so files cannot be decrypted without a unique key.
- Lockers: Infects the operating system, especially on mobiles, and completely locks the user out, denying access to any files or applications until the ransom is paid.
- Doxware (leakware): Derived from ‘docx’ hijacks the computer and threatens to publish the user’s stolen information online if they don’t pay the ransom.
- Scareware: Fake software that acts like an antivirus or a cleaning tool but locks the computer or sends numerous irritating alerts and pop ups. It claims to have found issues on the user’s computer and sends deceptive pop-ups to purchase scareware and repair alleged errors, or demands money to resolve the issues.
- RaaS (Ransomware as a Service): The new kid on the block is malware that is hosted anonymously by a hacker. These criminals for hire distribute the ransomware and collect payments to manage the decryptors (the software that restores data access) in exchange for their share of the ransom. This means that whereas previously those demanding ransom were skilled hackers, now even non-expert coders can exploit this field.
Together, these have contributed to some of the most disruptive episodes in the digital economy. Wanacry encrypted hundreds of thousands of computers in more than 150 countries within hours in 2017, with an estimated cost to business of between $4-8 billion. A month after that, NotPetya was first detected at Maersk’s offices in Denmark, and went on to cause more than $10 billion in total damages.
According to ransomware experts Coveware, the average ransom demand was $154,108 in Q4 of 2020. There are two main pressures on this value. On one hand, fewer companies seem to be giving in to the demands thanks to effective counter-measures including, but not limited to, robust back-ups (see below). On the other, there has been a meta-trend recently for larger and larger companies to be targeted, the hackers realising that their efforts can scale to corporations as easily as small to medium businesses, with the potential rewards increasing in line with company size.
“The biggest change over the past six quarters is threat actors now realize that their tactics scale to much larger enterprises without much of an increase in their own operating costs. The profit margins are extremely high and the risk is low,” writes the company.
How to prevent ransomware attacks
So, whether large broadcaster or start-up operator, how can you mitigate against the growing threat of ransomware attacks?
First, backup. Backups are the single most effective tactic against ransomware attacks. If your information is backed up ransomware is ineffective and you cannot be held hostage. Ensure that they are stored offline, and that they can easily and safely be reinstalled. In addition, consider an additional backup in the cloud.
Netflix has been evangelical in insisting on a 3-2-1 back up rule with all its suppliers — keep at least three copies of your data, and store two backup copies on different storage media, with one of them located offsite — and the industry is tending to adopt it as best practice.
Elsewhere, consider adopting two-factor authentication (2FA) or multi-factor authentication wherever technically possible. It’s also worth looking at Dynamic Control Access which segregates your network into distinct zones, each requiring different credentials. This ensures that your entire network cannot be compromised in a single attack.
Unfortunately, your weakest point is often not your network but the people that use it. Conducting regular employee security awareness training can help with this, as can installing anti-malware / ransomware software and running frequently scheduled security scans. Purchasing ransomware insurance is also a sound move, though premiums are rising.
All these measures may not completely prevent a ransomware attack, but they can significantly reduce risk and mitigate the damage should an attack occur.
Original article: Esther Levine