The incidence of ransomware attacks in the U.S. has leveled off since 2017 for a variety of reasons, including improved defenses by targeted organizations that have made such attacks less profitable for perpetrators, experts said Tuesday at the 2018 Symantec Government Symposium.
Kevin Haley, director, product management for security response at Symantec, explained that ransomware attacks–in which an attacker seizes control of systems and data through forced encryption via malware exploits–ramped up sharply from 2013 through 2016 but that the number of attacks leveled off last year.
In addition to improved defensive measures by potential victims, attackers began to have less success because they boosted the size of their ransom demands, he said, which induced fewer victims to pay ransoms.
And, he said, Symantec is seeing fewer creations of new ransomware attack methods, having counted only eight new attack “families” in 2018. At the same time, average ransom demands fell to the $500 range in 2017, from the $1,000 range previously.
“We all learned fast” how to defend against malware, said Michael Sardaryzadeh, chief information security officer at Texas A&M University. “That’s why the reward is not there … It’s more difficult for attackers to succeed,” he said.
Helping to create improved defensive postures are the activities of industry-specific information sharing and analysis centers (ISACs) and organizations (ISAOs) that provide central hubs for gathering and disseminating cyber threat data, said Cindy Donaldson, president of the Global Resilience Federation, which connects intelligence sharing communities including ISACs and ISAOs for mutual defense.
“I couldn’t agree with you more” about the value of ISACs, said Sardaryzadeh, who called joining such organizations a key step toward improving security.
Both Donaldson and Sardaryzadeh said the prescription for thwarting ransomware attacks boils down to simple steps.
“It always comes back to patching and best practices,” Donaldson said, while Sardaryzadeh echoed, “The secret is doing the basics correctly . . . Proper risk management is where it starts.”
Regularly backing up data, Sardaryzadeh said, can turn ransomware attacks into a mere “annoyance.”
“I do think as an industry we are doing better,” Donaldson said. Improved security and practices, added Haley, “is why a lot of the [attack] amateurs have left.”