Mr. Robot Highlights the Price Point Temptation of Email Ransomware

July 13, 2016

“5 days for a banking system to be down? That’s a lot of money down the drain… We can’t afford this hack right now… And frankly I think we can find 5.9million in between our couch cushions. It’s nothing.”

- Susan Jacobs, general counsel, E Corp

 Season 2 Spoiler Alert – If you watch Mr. Robot – Be aware. the season starts July 13th on USA Networks.

The popular dark cyber-thriller and hit US TV-show, Mr. Robot, is back and the show’s global success offers a perfect opportunity to educate businesses and employees around the dangers of email security. If you don’t want to know how the first episode plays out, look away now.

The new episode features the hacking group, Fsociety, conducting a Cryptowall ransomware attack on E Corp, crippling all of its networked computers, and demanding a hefty ransom. The firm’s general counsel recommends they pay the ransom as it will cost more in lost earnings to do otherwise.

This price point dilemma is at the heart of ransomware’s success. For smaller businesses, the ransom is often pitched at $400-$1,000, paid of course, in bitcoins.

The temptation to pay up and move on is all too easy. Ransomware is therefore flourishing around the world and as of the end of March, 93 percent of all phishing emails contained encryption ransomware, according to a report released last month by PhishMe.

Yet the FBI doesn’t support paying a ransom in response to a ransomware attack. They say that you should never try to negotiate with the attackers because it further encourages cybercrime and that there is no guarantee they’ll even release your data. Instead, pull the plug (yes, pull the power) on the affected patient zero computer, so you can preserve its hard drive for forensic analysis later.

This same style of malware disrupted a series of US hospitals in March and Lincolnshire County Council in February. More recently there were reports that Office 365 was being targeted by a massive Cerber ransomware attack.

Mimecast Threat Labs have seen significant ransomware attacks spread by weaponized attachments. These are often Microsoft Office files booby-trapped with malicious macros, delivered by email, that download and execute ransomware when opened. Our own research recently found 44% of firms had seen an increase in attacks with added social engineering asking users to enable macros. 67% were not confident their employees would spot this combined attack.

So how do you defend your organization against ransomware?

The FBI suggests two key approaches:

  • Prevention efforts—both in terms of awareness training for employees and robust technical prevention controls
  • The creation of a solid business continuity and backup plans in the event of a ransomware attack

Prevention is key but traditional anti-virus software is increasingly little protection against new variants of malware sent by email. Organizations need to combine rigorous employee training with technology that analyses malicious links and attachments in real-time.

Ransomware has become a well-funded, well-organized cyber threat in today’s market. The perpetrators have simply become too good at it and quietly paying attackers off in the event that your network is hit, only emboldens them further. A variant of Cryptowall earnt its creators around $300 million in a very short space of time; so these criminals are well-funded and very capable. Who has a similarly sized IT budget? Not many of us, if any.

Effective cyber resiliency, therefore, requires new methods of prevention and third-party archives to get you back on your feet if something still gets through.

Interested in reading more? Click here.