Over 180 Indian companies were victims of “ransomware” — or online extortion schemes — in the first six months of this year, a report said on Tuesday. Ransomware, also called Business Email Compromise (BEC), globally caused companies a loss of a whopping $3 billion, the report said — although no figure has been provided for losses in India.
BEC schemes are scam tactics which compromise business accounts in order to facilitate an unauthorised fund transfer and is considered one of the most dangerous threats to organisations. According to Trend Micro Incorporated, a global leader in security software and solutions, 2016 has proven to be a year of online extortion through various malicious attacks.
“While it’s unfortunate for us, cybercriminals are resilient and flexible when it comes to altering an attack method each time we find a patch or solution,” said Ed Cabrera, Chief Cyber security Officer for Trend Micro, in a statement.
“It bodes well for businesses to anticipate being targeted and to prepare accordingly, implementing the latest security solutions, virtual patching and employee education to mitigate risks from all angles,” he added.
In total, 79 new ransomware families were identified in the first six months of the year, which surpasses the total number of new families found in all of 2015.
Both new and old variants caused a total of $209 million in monetary losses to enterprises globally. Ransomware attacks found in the first half of 2016 – like BEC scams – originated from emails 58 percent of the time.
The effectiveness of BEC scams lies in the techniques employed against its preferred targets. Attackers are able to deceive victims by combining their knowledge of social engineering techniques and well-researched information about the target.
Once attackers had picked someone of authority to spoof, their next move would involve tricking their victims to permit a fund transfer to serve as payment for an invoice or perhaps a legal settlement.
“An effective way to defend against BEC scams should be a mixture of proper employee education and security solutions that will help identify threats even before they reach a person’s inbox,” the report said.
An email solution that is able to flag social engineering techniques is needed to effectively block malicious email messages that are used in BEC campaigns, it added.