According to a new security report released by Cisco Systems Inc., more than 9,500 people are coerced by hackers to pay ransoms every month, an alarming increase from last year's report.
The Midyear Cybersecurity Report for 2016 stated that anti-malware programs are no match for how attackers operate. Despite the fact that defenders have come a long way in protecting systems against online criminals, attackers are still finding too many loopholes in which to gain access.
The average cost of ransomware protection will set an individual or a company back $300 while criminals are making $34 million a year.
Cyberattackers will commonly fabricate a website containing an Angler exploit kit in an effort to distribute ransomware. Once access is gained, the hackers will freeze the user’s computer by scanning a web browser for security holes and then injecting the malware.
Cisco's security division examined 115,000 devices of various companies and concluded, “106,000 of the 115,000 devices had known vulnerabilities in the software they were running.” As a result, the hackers could easily gain access to corporate networks via these vulnerabilities due to outdated software.
In the period between September 2015 and March 2016, security researchers took notice of a spike in HTTPS traffic due to malicious activity. Ad injectors and adware were mostly to blame. Researchers also observed a time lag between when vendors made security patches available and not installing patches in time, granting hackers the window they needed to compromise the equipment.
Having these vulnerabilities exposed by the report, some solutions include creating and testing an incident response plan and being more cautious with HTTPS connections and SSL certificates. Researchers also suggested installing company-wide, mandatory security patches and informing employees on signs to watch for. Click here for more on what you can do to protect your system against ransomware.