Digital Hostage Crisis:
The Rise of Ransomware
What could be more deadly to a small business' bottom line than lost customer data or unauthorized access to it? High-profile breaches, cyber attacks and advanced malware reported in 2015 show cyber criminals' increased diversification and capabilities. Think Sony Pictures and Home Depot.
One of the many scourges of IT security, ransomware is malware with a vengeance. Since it emerged in Russia in 2005, ransomware has continued to evolve and create international havoc. How does it work? This malware takes data hostage and promises a decryption code in return for Bitcoin payment.
What does a ransomware attack look like?
Ransomware viruses are often introduced via email in an attachment that appears to be legitimate, like an invoice or e-fax. Sometimes a link will appear in the email urging the recipient to click. After the victim clicks on the attachment or link, they are directed to a malicious website that infects their computer. The malware encrypts files on local drives, backup drives and any other computers on the network. A victim remains unaware until they notice that data can no longer be accessed and messages surface demanding payment for a decryption key.
Improvements in spam filters necessitated the evolution of ransomware delivery. Cyber criminals now spear phish targeted individuals with email, and sometimes attacks don't use email at all. FBI Cyber Division Assistant Director James Trainor explains, "These criminals now bypass the need for an individual to click a link by seeding legitimate websites with malicious code or taking advantage of unpatched software on end-user computers."
Ransomware may also cleverly disguise itself as an urgent popup in a browser advising of a virus or system security risk that needs to be addressed immediately. The addition of the user's IP address and the logo of local law enforcement or the FBI gives the warning an air of authenticity. Other times, the warning tells the user that illegal activity or viewing sordid websites caused the machine to be infected.
The Department of Justice (DOJ) warns in a recent report to the Senate that the most sophisticated ransomware is nearly impossible to defeat without the hackers' decryption key. Paying the ransom does not guarantee that the victim will actually receive a decryption key or that the key will work. The FBI advises against paying a ransom, citing that it merely serves to encourage these types of crimes and may fund other illicit activities. Prevention is the best strategy.
Seven Keys for Preventing Ransomware Attacks
Backup data regularly and keep a recent backup copy off-site.
Ransomware isn't the only enemy of valuable data. Natural disasters, theft, a dropped laptop or even an accidental deletion cost time and money. Encrypted backup is best.
Do not enable macros in document attachments received via email.
Microsoft disabled auto-execution of macros as a security measure, so do not heed the malware prompt to enable macros.
Take care with unsolicited attachments and teach your employees to do the same.
If you are not sure about the safety of an attachment, do not open it.
Patch early and often.
Malware that doesn't come in via document macros often relies on security bugs in popular applications, like Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.
Manage the use of privileged accounts.
No users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
Configure access controls, including file, directory, and network share permissions appropriately.
If users only need to read specific information, they don't need write access to those files or directories.
Have security software installed and up to date.
With thousands of new malware variants appearing every day, having a set of old virus definitions is almost as bad as having no protection.
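One way to check the access-control key above is to list which files on a share a given account could modify, since those are the files ransomware running under that account could encrypt. This is an added example, not part of the original article; it assumes a POSIX file server (for example a Linux NAS), evaluates plain mode bits only (no ACLs), and the function names and sample files are hypothetical.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """True if the POSIX mode bits let this uid/group set write (ACLs are ignored)."""
    if uid == 0:                      # root bypasses mode bits
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def writable_paths(root, uid, gids):
    """List paths under root (relative to it) that the account could modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # A writable directory counts too: its files can be renamed or deleted.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue              # symlink modes are not meaningful
            if can_write(st, uid, gids):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)

def build_sample_share(root):
    """Constructed sample data: three files with different modes."""
    for name, mode in [("price_list.txt", 0o644), ("ledger.txt", 0o664),
                       ("scratch.txt", 0o666)]:
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)
    os.chmod(root, 0o755)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        staff_uid = os.getuid() + 12345   # hypothetical non-owner account
        for p in writable_paths(share, staff_uid, set()):
            print("writable by staff account:", p)
```

Every path the report lists for an account that only needs to read is a candidate for tightening to read-only.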