
Ransomware: A Digital Pandemic – Is There A Cure?

The Rise Of Ransomware

You can imagine the scene: you’ve just completed that business plan and a set of accounts. Finally, it’s done and saved, ready for a final read through and to be sent out to your contact list. And right when you’re ready to click “Send”, the next thing you see on the screen is a pop-up window saying something like “Your personal files have been encrypted”. It also states that if you want them decrypted, you’ll need to pay. You quickly go to the folder containing your business plan data files, double click on the spreadsheet, but it won’t open, it’s encrypted; click on the text document, it won't open either, it’s also encrypted. That cold fear spreads across your body as you stare at the screen, realizing that you’ve been hacked.

The above situation is becoming extremely common. The malware responsible for encrypting the files is known as ransomware, and it is arguably the most sinister type of malware to enter the cyber crime scene. If you become infected by ransomware, it is not just local files that are encrypted – files right across your network, even in remote folders like Dropbox, can be affected. Once infected, you are told that if you want to get those files back, you’ll have to pay the cybercriminal an amount, sometimes many thousands of dollars, in bitcoin. A recent example was the Hollywood Presbyterian Medical Center in LA, which ended up paying hackers $17,000 to have its files decrypted. Paying the cybercriminals behind the attack is a risk, because you may not get the decryption code after payment, but even the FBI, which is monitoring ransomware attacks, is currently advising victims to pay the ransom.


Ransomware is very successful. A McAfee report into the threat shows there has been an almost 10-fold increase in ransomware between 2014 and 2015. This increase reflects its success: it is a very lucrative method of extorting money from companies of all sizes and types. One version of ransomware, known as CryptoWall, which is routinely monitored by the CyberThreat Alliance, was found to have attempted attacks at almost 500,000 companies, with the resultant costs to those companies being around $325 million. With monies like that coming in, cybercriminals will milk this method for a while yet.

How Can I End Up Being Infected With Ransomware?

Ransomware infections usually come in via one of two routes. Either you get phished, or an ‘exploit kit’ is used:

Phishing threats: These are the most likely methods used to get ransomware onto your PC and network. The threat comes in the form of an email, with an attachment named something like ‘fax’, ‘invoice’, ‘statement’, that sort of thing. The attachment can be a zip, but it may also be cloaked as a pdf or docx file. If you open that attachment, it initiates the malware program install and before you know it, your files are encrypted.

“It is extremely important that the users don’t open attachments from unsolicited emails, and to double-check any suspicious emails with their IT security team,” explains Ronnie Wolf, a security expert from GFI Software, and adds: “Once just one PC is infected, the malware spreads quickly through your network, so you need to act fast in order to prevent further damage.”

Exploit kit based threats: Currently, this is the less used method of propagating ransomware infections, but my guess is that it’ll increase in usage because of its effectiveness and stealth. Exploit kits, apps taking advantage of vulnerabilities in browsers, are often used in a type of threat known as ‘malvertising’, where an online ad or video initiates a malware infection. They work by sending a user who opens a page with an infected ad to a malicious site, which contains the exploit kit.

“This redirect to the bad site is difficult to detect, it’s very fast and known as a ‘drive-by-download’. Once you’re on that site, the exploit kit looks for holes in your browser software or endpoint protection and infects your machine. It literally takes seconds,” adds Ronnie Wolf.

Ransomware as a Service


Ransomware comes out in waves or ‘families’. There have been quite a few, some more successful than others. CryptoWall is one of the most famous, but there are many others, like TorrentLocker and Locky. One worrying new movement in the world of ransomware is the creation of DIY ransomware kits, or ransomware as a service. Setups like this allow even inexperienced hackers to make use of the malware to make money. The business model is as well thought out as any legitimate business, with the service host taking a cut of the extorted monies. This model may well become the infection process of choice throughout the cybercriminal world and poses a major threat to all companies, of all sizes.

Is There Anything I Can Do To Prevent a Ransomware Infection?

In the case of ransomware infections, the first thing you need to do is cut off both routes into your system: email and Internet sites.

Email based infection: As I mentioned earlier, phishing is the number 1 way that ransomware infects computers. So the first step is to prevent email-borne infections. You need to have an email watch system in place that can spot email-borne threats, like malware, before they hit your inboxes. There are a number of products that can do this, such as GFI MailEssentials, which utilizes multiple anti-virus engines to control and eliminate incoming malware threats.
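As an added illustration (not from the article and not how GFI MailEssentials or any other product works), here is a small Python triage check for the attachment traits described above: lure names such as ‘fax’, ‘invoice’ and ‘statement’, and files whose content does not match the pdf, docx or zip type they claim. The sample message, the filenames, the executable-extension list and the reason labels are constructed assumptions; the file signatures are the well-known leading bytes of each format.

```python
import email
from email import policy
from email.message import EmailMessage

LURE_WORDS = ("fax", "invoice", "statement")  # lure names quoted in the article
# Well-known leading bytes of each file type (docx is a zip container).
MAGIC = {"pdf": b"%PDF", "zip": b"PK\x03\x04", "docx": b"PK\x03\x04", "exe": b"MZ"}
EXECUTABLE_EXT = {"exe", "scr", "js", "vbs", "bat", "cmd"}  # assumed policy list

def sniff(data):
    """Return the set of known types whose signature matches the payload."""
    return {ext for ext, sig in MAGIC.items() if data.startswith(sig)}

def score_attachment(filename, data):
    """Return the reasons (possibly none) to hold this attachment for review."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if any(word in parts[0] for word in LURE_WORDS):
        reasons.append("lure-name")
    # e.g. "statement.pdf.exe": a document name hiding an executable extension
    if len(parts) > 2 and ext in EXECUTABLE_EXT:
        reasons.append("double-extension")
    # Claimed type disagrees with the actual leading bytes ("cloaked" file)
    if ext in MAGIC and ext not in sniff(data):
        reasons.append("type-mismatch")
    return reasons

def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and score every attachment in it."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return {part.get_filename(): score_attachment(part.get_filename(),
                                                  part.get_payload(decode=True))
            for part in msg.iter_attachments()}

def build_sample():
    """Constructed test message; the payloads are harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "billing@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Your invoice"
    m.set_content("Please see attached.")
    for name, body in [("invoice_2231.pdf", b"MZ\x90\x00 constructed"),
                       ("meeting-notes.pdf", b"%PDF-1.4 constructed"),
                       ("statement.pdf.exe", b"MZ\x90\x00 constructed")]:
        m.add_attachment(body, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, reasons or "clean")
```

A heuristic like this only prioritizes messages for quarantine or review; it complements, rather than replaces, the anti-virus scanning the article recommends.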

Internet based infection: Secondly, you need to watch Internet sites being accessed by your users to prevent the exploit kit based ransomware. This up and coming security threat vector is starting to infiltrate the most legitimate of websites, affecting even news sites and popular blogs. Anything that is online ad and video heavy is at risk of carrying ransomware. Making sure that your workforce doesn't end up downloading malware by being redirected to an exploit kit site is an increasingly important aspect of security monitoring. Doing so manually would be a mission impossible, so products like GFI WebMonitor can help prevent exploit kits from threatening your network security.

Keeping your systems safe from the threat of ransomware will be an ongoing battle. As cybercriminals up their game and bring into play new methods of exploiting your vulnerabilities, the only way you can keep safe is to beat them at their own game and make sure you cut off their source of infection. Ransomware is a modern pandemic, causing untold losses and stress. With any cyber security threat, vigilance is the best way to deal with it. We are in an era where we have to take these threats seriously, if we don’t want to risk losing much more than just a business plan.

By Susan Morrow

CloudTweaks
