With cybercriminals making millions – if not billions – of dollars from ransom requests, companies have also been targets of opportunity. While file encrypting ransomware such as CryptoWall have been known to cause financial losses topping $18 million, variants that encrypt the NTFS MFT (Master File Table) – Petya for instance – have been raising concern, as recovery from it involves complete endpoint downtime and significant IT challenges.
Incidents like the one involving the Presbyterian Medical Center in Hollywood have shown that cybercriminals are far more likely to target organizations, as they’re willing to pay a lot more for recovery than private citizens - $17,000 in this case. While the financial fallout of the recently analyzed Petya ransomware have yet to be revealed or felt by organizations, it indicates cybercriminals are constantly developing new ways to reach companies.
When asked how well prepared they are to face a ransomware threats, 13 percent of the 200 surveyed security experts attending the RSA 2016 were not confident that recovery would be possible in case of a ransomware infection. While 49 percent were somewhat confident they could recover quickly, there’s still the issue of how much this would cost the company in terms of reputation, man hours, and even money.
Since the Petya ransomware analyzed by our research team differs from traditional ransomware – as it completely locks out access to the endpoint’s operating system – mitigation and data recovery would pose a significantly greater problem than a traditional ransomware infection. If, until now, employees could still browse the internet or use the operating system while locked out of their files and data, with Petya all that is forfeited. Endpoints are left running a custom kernel whose only purpose is to facilitate the purchase of a decryption key via a minimal user interface during the entire process.
Consequently, sanitizing the machine and simply restoring a backup of your files is out of the question. IT departments have to either completely reinstall the endpoint – hopefully from a full backup – or purchase the decryption key and decrypt the NTFS MFT. The cost of recovery following a Petya ransomware infection could outweigh those of a regular ransomware infection, as it involves taking endpoints offline to restore them to working order. User downtime and IT challenges turn any ransomware infection into a costly experience.
Surveys have shown that 72 percent of business uses were locked out of their data for at least two days following a ransomware infection, while 32 percent were sidelined for five days or more. With business continuity as a top priority for any organization, recovering from a ransomware infection should combine real-time backup solutions with a comprehensive Business Security Solution and immunization tools.
Bitdefender’s Enterprise endpoint protection offering consists of Bitdefender GravityZone, a leading security solution to secure even the most complex hybrid infrastructures. Whether physical or virtual, a combination of on premise and private or public cloud, GravityZone offers organizations dramatically faster and more efficient risk management.
tags
Liviu Arsene is a Global Cybersecurity Researcher for Bitdefender, with a strong background in security and technology. Researching global trends and developments in cybersecurity, he focuses on advanced persistent threats and security incidents while assessing their impact in critical public and private business infrastructures. His passions revolve around innovative technologies and gadgets, focusing on their security applications and long-term strategic impact.
View all postsDon’t miss out on exclusive content and exciting announcements!