The latest report from security firm Trend Micro has shown that 2 types of cyber crime, ransonware and whaling, showed big increases over the first half of 2016 to the point where ransomware is now regarded as a ‘prevalent and pervasive threat’.
What are Ransomware and Whaling?
Ransomware is a form of malware that typically encrypts the important files on your computer and you are then given a ransom demand, the payment of which should mean that your encrypted files can be released. In reality some types of ransomware deletes many important files anyway, and paying the ransom does not guarantee that you will get access to your files back.
Whaling is also known as business email compromise (BEC) and CEO fraud. This is a type of crime whereby business email accounts are compromised so that funds can be transferred out of the business. It typically involves criminals impersonating people who have access to the company’s finances. These criminals also pretend to be someone in authority in the company such as a Chief Executive or Director in order to manipulate a staff member into transferring funds.
Big Ransomware Rise Shown in Report
The Trend Micro report shows that that the occurrence of ransomware was up by 172%, in the first half of 2016 compared with the whole of 2015. The report also identified 79 new ransomware families in the first six months of this year, with 58% of the attacks being launched via attachments in spam emails.
Ransomware is designed to attack all levels of a network and can effectively cripple an organisation. Examples of ransomware families that were prevalent in the first half of the year include Crypsam, Zcrypt, CrypJoker, Crypradam and Powerware.
UK Second on Most Whaling Attacks List
Although most whaling attacks occur in the U.S., the UK is now second on the list, followed by Hong Kong, Japan and Brazil. The Trend Micro report shows that the most targeted person in a company for whaling attacks in the first half of 2016 was the financial officer and their email account.
Why The Big Rise?
Cyber criminals are becoming more skilled and sophisticated, and they are now flexible enough to be able to alter the types of attack that they use so that an organisation can be attacked from multiple angles and at different levels.
What Does This Mean For Your Business?
In order to provide maximum protection against more prevalent and varied threats businesses should now adopt multi-layered security solutions. Businesses should accept that there is a real likelihood that they will be targeted and therefore prepare for this by implementing the most up to date security solutions, virtual patching, and education of employees in order to mitigate risks from as many angles as possible.