By Gene Fredriksen
Ransomware is the hottest new entry in the growing field of cybersecurity threats.
In a ransomware attack on a computer system, digital criminals breach a vulnerable computer and infect it with malware that essentially encrypts or locks valuable files and prevents the user from accessing these files. The malware then proceeds to display popup messages that demand payment (ransom) from the user in order to receive the code to unlock the files for normal access.
According to a New York Times report, a form of ransomware known as CryptoWall attacked especially important files in the victim’s system, like tax receipts and bills. Then it demanded a ransom price of $500, which escalated each week the ransom demand went unmet until eventually the unlock key was deleted.
Interestingly, the people behind CryptoWall deliver great customer service to unlock the systems they encrypt. The CryptoWall crooks provide decryption keys to the user often within hours following receipt of their ransom demand.
According to researchers from Kaspersky Lab, 2,900 ransomware malware modifications appeared between January and March of 2016, an increase of 14%. Not only is malware increasingly altering itself, thus making ransomware attacks more difficult to defend against, but the number of attacks are also on the rise, with the number of attacked users up by 30% compared with the previous quarter.
Ransomware is not a new threat. In 2013, CryptoLocker was the first prominent piece of ransomware. Since then, we have seen a steady stream of malware become more stealthy and damaging with every release. It is estimated that CryptoLocker made its operators tens of millions of dollars. Now, led by CryptoLocker, a whole new family of malware is infecting hundreds of thousands of computers.
It is clear that ransomware has already become a more significant issue in early 2016, with various high-profile infections being widely reported. The U.S. and Canada even issued a joint alert on ransomware in April.
And just because a ransomware victim pays the price to regain access to their digital resources, there is no guarantee their machine will not be invaded again by the same perpetrators with the same demands.
Read on for a list of ways to help prevent you and your organization from falling victim to ransomware.
Small Businesses Beware
While mega-corporations get most of the publicity when it comes to cybercrime and hacking, new information shows nearly half of all cybercrime targets small businesses. Spam, ransomware and phishing are the most common forms of cybercrime faced by small businesses. These attacks prey on the fact that many smaller businesses cannot afford sophisticated and complex firewalls like larger corporations. Crooks often target small businesses as an indirect way to infiltrate the larger companies with which they work.
Start on the Inside
Some of the most potentially dangerous cyber threats come from the inside. While many organizations are implementing multiple layers of defenses to protect their networks from external attacks, many are unaware that an alarming portion of security risk is actually internal.
Plan Ahead
After decades of focusing time and resources to preventing and detecting cyberattacks, many security leaders have realized how they respond to cyber threats should take equal priority. As the frequency, sophistication and volume of cyber threats continue to increase, it is not as much a question of if you will fall victim to a cyberattack, but when. Organizations today need the ability to respond to and mitigate attacks quickly.
Back Up Your Data
In the case of ransomware, one of the best defenses is backing up your data on a regular basis. If your system is infected with ransomware, you will have the option of recovering to the last incremental backup. This allows you not only to recover data, but also restore the system to a point where the malware had not yet infected it. For that reason, online backups with automatic incremental backups are crucial.
Prevent Data Encryption
Another possible defense is understanding how the malware works. Ransomware typically reaches out to get an encryption key or encryption library from a command and control server. If you are able to detect and block that request, you can prevent the encryption of the data.
Gene Fredriksen is the Chief Information Security Officer for PSCU. In this role, he is responsible for the development of information protection and technology risk programs for the company. Gene has over 25 years of Information Technology experience, with the last 20 focused specifically in the area of Information Security.