Ransomware: A Digital Pandemic – Is There A Cure?

The Rise Of Ransomware

You can imagine the scene: you’ve just completed that business plan and a set of accounts. Finally, it’s done and saved, ready for a final read through and to be sent out to your contact list. And right when you’re ready to click “Send”, the next thing you see on the screen is a pop-up window saying something like “Your personal files have been encrypted”. It also states that if you want them decrypted, you’ll need to pay. You quickly go to the folder containing your business plan data files, double click on the spreadsheet, but it won’t open, it’s encrypted; click on the text document, it won't open either, it’s also encrypted. That cold fear spreads across your body as you stare at the screen, realizing that you’ve been hacked.

The above situation is becoming extremely common. The malware responsible for encrypting the files is known as ransomware, and it is arguably the most sinister type of malware to enter the cybercrime scene. If you become infected by ransomware, it is not just local files that are encrypted – files right across your network, even in remote folders like Dropbox, can be affected. Once infected, you are told that if you want to get those files back, you’ll have to pay the cybercriminal, sometimes many thousands of dollars, in bitcoin. A recent example was the Hollywood Presbyterian Medical Center in LA, which ended up paying hackers $17,000 to have its files decrypted. Paying the cybercriminals behind the attack is a risk, because you may not get the decryption code after payment, but even the FBI, which is monitoring ransomware attacks, is currently advising victims to pay the ransom.

Ransomware is very successful. A McAfee report into the threat shows there has been an almost 10-fold increase in ransomware between 2014 and 2015. The increase reflects its success – this is a very lucrative method of extorting money from companies of all sizes and types. One version of ransomware, known as CryptoWall, which is routinely monitored by the Cyber Threat Alliance, was found to have attempted attacks on almost 500,000 companies, with resultant costs to those companies of around $325 million. With money like that coming in, cybercriminals will milk this method for a while yet.

How Can I End Up Being Infected With Ransomware?

Ransomware infections usually come in via one of two routes. Either you get phished, or an ‘exploit kit’ is used:

Phishing threats: These are the most likely methods used to get ransomware onto your PC and network. The threat comes in the form of an email, with an attachment named something like ‘fax’, ‘invoice’, ‘statement’, that sort of thing. It can be a zip, but they are cloaked as pdf or docx files too. If you open that attachment, it initiates the malware program install and before you know it, your files are encrypted.

“It is extremely important that the users don’t open attachments from unsolicited emails, and to double-check any suspicious emails with their IT security team,” explains Ronnie Wolf, a security expert from GFI Software, and adds: “Once just one PC is infected, the malware spreads quickly through your network, so you need to act fast in order to prevent further damage.”

Exploit kit based threats: Currently, this is the less used method of propagating ransomware infections, but my guess is that it’ll increase in usage because of its effectiveness and stealth. Exploit kits, apps taking advantage of vulnerabilities in browsers, are often used in a type of threat known as ‘malvertising’, where an online ad or video initiates a malware infection. They work by sending a user who opens a page with an infected ad to a malicious site, which contains the exploit kit.

“This redirect to the bad site is difficult to detect, it’s very fast and known as a ‘drive-by-download’. Once you’re on that site, the exploit kit looks for holes in your browser software or endpoint protection and infects your machine. It literally takes seconds,” adds Ronnie Wolf.

Ransomware as a Service

Ransomware comes out in waves or ‘families’. There have been quite a few, some more successful than others. CryptoWall is one of the most famous, but there are many others like TorrentLocker, and Locky. One worrying new movement in the world of ransomware is the creation of DIY ransomware kits or ransomware as a service. Setups like this allow even inexperienced hackers to make use of the malware to make money. The business model is as well thought out as any legitimate business, the service host taking a cut of the extorted monies. This model may well become the infection process of choice throughout the cybercriminal world and poses a major threat to all companies, of all sizes.

Is There Anything I Can Do To Prevent a Ransomware Infection?

In the case of ransomware infections, the first thing you need to do is cut off both routes into your system: email and Internet sites.

Email based infection: As I mentioned earlier, phishing is the number 1 way that ransomware infects computers. So the first step is to prevent email-borne infections. You need to have an email watch system in place that can spot email-borne threats, like malware, before they hit your inboxes. There are a number of products that can do this, such as GFI MailEssentials, which utilizes multiple anti-virus engines to control and eliminate incoming malware threats.
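To make the email check concrete, here is a sketch of attachment screening based on the traits described in the phishing section: lure names such as ‘fax’, ‘invoice’ and ‘statement’, and files cloaked as pdf or docx. It is an added example, not code from the article or from GFI MailEssentials; the sample message, the `RISKY_EXT` list and the verdict rule are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

LURES = ("fax", "invoice", "statement")   # attachment names the article lists
# Leading bytes each claimed type should have; a .docx is a ZIP container.
MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".zip": b"PK\x03\x04"}
RISKY_EXT = (".exe", ".scr", ".js")       # assumed blocklist for this sketch
HARD = {"double-extension", "type-mismatch", "executable-content"}

def screen_attachment(filename, payload):
    """Return the findings for one attachment (empty list means clean)."""
    name = filename.lower()
    suffixes = PurePosixPath(name).suffixes
    ext = suffixes[-1] if suffixes else ""
    findings = []
    if any(word in name for word in LURES):
        findings.append("lure-name")      # weak signal on its own
    if len(suffixes) > 1 and suffixes[-2] in MAGIC and ext in RISKY_EXT:
        findings.append("double-extension")
    if ext in MAGIC and not payload.startswith(MAGIC[ext]):
        findings.append("type-mismatch")  # content is not what the name claims
    if payload.startswith(b"MZ"):         # Windows executable header
        findings.append("executable-content")
    return findings

def screen_message(raw):
    """Map each attachment name to (verdict, findings)."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = {}
    for part in msg.iter_attachments():
        found = screen_attachment(part.get_filename(), part.get_payload(decode=True))
        out[part.get_filename()] = ("quarantine" if HARD & set(found) else "deliver", found)
    return out

def build_sample():
    """Constructed message: one genuine PDF, one cloaked executable, one real docx."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.invalid", "user@example.invalid"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see attached.")
    for name, data in (("report.pdf", b"%PDF-1.4 constructed"),
                       ("invoice.pdf", b"MZ constructed, not a real binary"),
                       ("statement.docx", b"PK\x03\x04 constructed")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, (verdict, found) in screen_message(build_sample()).items():
        print(f"{name}: {verdict} {found}")
```

A lure word alone does not trigger quarantine, since genuine invoices and statements arrive by email too; the decision rests on the content not matching the claimed file type.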

Internet based infection: Secondly, you need to watch Internet sites being accessed by your users to prevent the exploit kit based ransomware. This up and coming security threat vector is starting to infiltrate the most legitimate of websites, affecting even news sites and popular blogs. Anything that is online ad and video heavy is at risk of carrying ransomware. Making sure that your workforce doesn't end up downloading malware by being redirected to an exploit kit site is an increasingly important aspect of security monitoring. Doing so manually would be a mission impossible, so products like GFI WebMonitor can help prevent exploit kits from threatening your network security.

Keeping your systems safe from the threat of ransomware will be an ongoing battle. As cybercriminals up their game and bring into play new methods of exploiting your vulnerabilities, the only way you can keep safe is to beat them at their own game and make sure you cut off their source of infection. Ransomware is a modern pandemic, causing untold losses and stress. With any cyber security threat, vigilance is the best way to deal with it. We are in an era where we have to take these threats seriously, if we don’t want to risk losing much more than just a business plan.

By Susan Morrow

CloudTweaks
