Upload
ibm-security
View
88
Download
0
Embed Size (px)
Citation preview
Valuing Data in the Age of RansomwareBUSINESS AND CONSUMER PERCEPTIONS OF DIGITAL EXTORTION
Limor S Kessem
June 2016
Executive Security Advisor IBM Security
2 IBM Security
Agenda
• What is Ransomware?
• Consumer Perceptions and Experience
• Business Perceptions and Willingness to Pay
• How to Respond to a Ransomware Attack
3 IBM Security
How Did This Even Start?! The Major Milestones
1989The AIDS Trojan
2005Misleading Apps
2008Fake AV
2011Lockers
“Police Trojans”
2013Cryptolockers
Drive by Download
2013Android
Ransomware
4 IBM Security
Ransomware attachment to spam has skyrocketed
Source: IBM X-Force
5 IBM Security
Locked Up For Good? …It Depends
• Lockers: Win APIs, app loops• Crypto: Symmetric encryption
@Example: AES 56-bit@Advantage: speed, length@Disadvantage: forgetting keys behind
• Crypto: Asymmetric encryption@Example: RSA asymmetric@Advantage: two keys, unique pair for each endpoint@Disadvantage: long and slow
• Double encryption@Encrypt the AES with the RSA
• Android lockers: persistent activity window
The Consumer Take
7 IBM Security
Consumers are confident in their ability to protect computers and mobile devices but aren’t necessarily taking action to do so
BUT
Overall, consumers are confident that they can protect personal data on their devices
75% are confident they can protect data on a personal
computer
67% are confident they can protect data on a mobile device
6 in 10Have not taken action in the past three months to protect their devices from being hacked
8 IBM Security
Those taking preventative action are in the minority; avoiding risky attachments is most common preventative action
71% avoided opening suspicious attachments/links in
emails/texts
59% change their passwords regularly
48% avoided using or logging into
public Wi-Fi access points
4 in 10 Have taken action in the past three months to protect their devices from being hacked
9 IBM Security
Mobile devices and laptops most important devices to protect, also two most feared for data hacks
60% laptop
64% mobile47% desktop
32% modem
29% tablet
28% home security system
5% wearable device
8% car navigation
10% home devices
16% home wifi camera
IMPORTANCE OF PROTECTING DEVICES FROM DATA HACKSLESS MORE
2.Which of the following PERSONAL or HOME electronic devices (whether you use one or not), do you think are most important for people to protect from being hacked? Please select the THREE you think are the most important. 6. Generally, how afraid are you that your data will be held for ransom, or access will be blocked on a…
10 IBM Security
“Value” of data differs slightly with financial records worth the most
Regardless of data type, roughly 37% would pay over $100 to get data back
Willing to pay $500 or more
8% 20%
Financial InfoGaming data
PasswordsMusicPersonal emails
Browser history
14%
Social network data
Online purchase data
DVR Data
Mobile phone data
Other digital photos
Family digital photos
Personal computer accessHealth records
11 IBM Security
Consumers: Say they won’t pay, then pay nine fold that amount
Over half of consumers would
be unwilling to give a hacker money in order to get their
data back
Of those who would pay, they generally are not willing to
pay more than $100
Consumers are most willing to pay for
financial data, with a slim majority of 59% indicating they would
likely pay
$900Average ransomware demandPer current day ransomware variants in the wild
Reality Check:
41%Success rate boasted by CryptoLockerUniversity of Kent research
12 IBM Security
Average Ransomware Fee Can Be Rather High
Cerber:1 – 2 BTC
Petya:1.3 BTC
1 BTC = ~ $900 US
Locky:1 - 2 BTC
Popcorn Time:1 BTC
CTB-Locker:3 BTC
7ev3n-HONE$T:
$5,000
13 IBM Security
Consumer response in the event of a data attack varies
Friends/family members are consistently ranked among the top-2 sources a consumer would go to
in the event of a data attack
Police topped the list in the case of a home computer (25%) being
hacked but was less likely for the other cases
In general consumers are extremely likely (88%) to turn to someone for help if data is
stolen from one of their devices
If data is stolen from a smart TV consumers are more likely to go to
a local electronic store (24%)
If data is stolen from a work/school computer consumers are most
likely to turn to their work IT department (40%)
Business Perceptions
15 IBM Security
Business executives are aware of ransomware but lack deeper knowledge
15
Business Executives have heard of ransomware
3 in 5
Are very knowledgeable about the topic
1 in 5BUT
62% of those who work for larger sized companies have
heard of ransomware.
VS
55% of those who work for smaller sized companies
16 IBM Security
SBs are less “data attack” prepared than larger businesses
74% of large companies
require employees to regularly change
passwords
74% of large companies block
some websites from being used in
the workplace
58% of large companies offer
training on workplace IT
security
56% of small companies
require employees to regularly change
passwords
56% of small companies block
some websites from being used in
the workplace
Only 30% of small companies offer
training on workplace IT
security
Large companies
Small companies
53% of SBs
77% of medium sized companies
76% of large companies
Taken action in past three months to protect
electronic data
17 IBM Security
The majority of executives worry about corporate data hacks
63% of Business Executive
Worry About Data Hacks
Business Executives are most concerned about financial data being hacked
72% worry about financial records
68% worry about email servers/
systems
66% worry about customer and sales records
65% worry about cloud system
access
Less confidence in ability to
protect employee vs
company owned devices
VS.
-13% pts.
18 IBM Security
Business Executives willing to pay ransom for data recovery
Regardless of data type,
roughly
60%of BEs would
pay something to get data back
from hackers
Financial Records
Customer & Sales Records
Corporate Email System/Server
Intellectual Property
HR Records
Corporate Cloud System
Business Plans
R&D Plans
62%
62%
61%
60%
60%
60%
58%
58%
19 IBM Security
“Value” of data differs slightly with financial records worth the most
Regardless of data type, roughly
25% would pay $20,000-
$50,000 to get data back
Willing to pay $50K
or more
15%
9%
Financial Records
Business Plans
R&D Source Code
IP
Corp Email/Cloud HR Records 12%
Customer and Sales Records
20 IBM Security
The Larger Companies Experienced Ransomware Before
Ransomware Experience
29% of those who work at smaller companies have experience with ransomware attacks
57% of those who work at medium sized companies
have experience with ransomware attacks
53% of those who work at large sized companies have experience with ransomware
attacks
21 IBM Security
Previous ransomware experience fairly common; generally willing to pay to resolve
21
Nearly one in two of business
executives have experience with
ransomware attacks in the workplace
Of those with experience, 7 in
ten paid to resolved the
hack
Over half of those paid over $10,000…20%
paid over $40K
22 IBM Security
Responding to an attack: while many companies have taken protective measures, most know they would benefit from expert consultation
7 in 10 Respondents stated their company has taken action to protect its electronic data from being hacked
The most useful resources in preventing a hack
58% want best practices to protect data security was
the most useful
56% stated security expert consultants are the most
useful
Ransomware Response
24 IBM Security
This is a People Problem
• Blanket user education: from receptionist to CEO
• Launch high visibility, company-wide awareness campaigns
• Train C-level executives
• Talk to board level stakeholders
• Use planned phishing campaigns to learn
what your users need to know most
25 IBM Security
Read the full IBM Ransomware guide to learn more
Visit the Ransomware landing page to review the infographic and register to receive the client engagement guide
Visit ibm.com/security/servicesto learn how IBM Security Services can help protect your organization
26 IBM Security
Preparation
IBM’s Ransomware Response Guide is largely occupied by the Preparation phase of the Incident Lifecycle.
Once the organization has been hit by ransomware, few options remain.
Sources: NIST 800-61R2, IBM’s Ransomware Response Guide
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU
28 IBM Security
Annex: Resources
• http://phishme.com/locky-a-new-encryption-ransomware-borrowing-ideas-from-the-best/
• Symantec: The-evolution-of-ransomware
• http://www.symantec.com/connect/blogs/cryptodefense-cryptolocker-imitator-makes-over-34000-one-month
• http://thehackernews.com/2016/01/javascript-ransomware-malware.html
• http://news.thewindowsclub.com/samas-ransomware-changes-way-ransomware-operates-82755/
• https://blog.fox-it.com/2016/05/02/ransomware-deployments-after-brute-force-rdp-attack/
• http://www.staradvertiser.com/breaking-news/interpol-philippines-bust-cyber-extortion-network/
• http://krebsonsecurity.com/2016/01/ransomware-a-threat-to-cloud-services-too/
• http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-bill-curb-the-extortion-malware-epidemic
• https://threatpost.com/criminals-peddling-affordable-alphalocker-ransomware/117888/
• http://researchcenter.paloaltonetworks.com/2016/05/unit42-bucbi-ransomware-is-back-with-a-ukrainian-makeover/