Ransomware: A Digital Pandemic – Is There A Cure?

The Rise Of Ransomware

You can imagine the scene: you’ve just completed that business plan and a set of accounts. Finally, it’s done and saved, ready for a final read through and to be sent out to your contact list. And right when you’re ready to click “Send”, the next thing you see on the screen is a pop-up window saying something like “Your personal files have been encrypted”. It also states that if you want them decrypted, you’ll need to pay. You quickly go to the folder containing your business plan data files, double click on the spreadsheet, but it won’t open, it’s encrypted; click on the text document, it won’t open either, it’s also encrypted. That cold fear spreads across your body as you stare at the screen, realizing that you’ve been hacked.

The above situation is becoming extremely common. The malware responsible for encrypting the files is known as ransomware, and it is arguably the most sinister type of malware to enter the cyber crime scene. If you become infected by ransomware, it is not just local files that are encrypted – files right across your network, even into remote folders, like Dropbox, can be affected. Once infected, you are then told that if you want to get those files back, you’ll have to pay the cybercriminal an amount, sometimes with many $000’s in bitcoin currency. A recent example was at the Hollywood Presbyterian Medical Center in LA, who ended up paying hackers $17,000 to have their files decrypted. Payment to the cybercriminals behind the attack is a risk, you may not get the decryption code after payment, but even the FBI, who are monitoring ransomware attacks, are currently advising to pay the ransom.

Ransomware is very successful. A McAfee report into the threat shows there has been an almost 10 fold increase in ransomware between 2014 and 2015. The reason for this increase is a reflection of its success – this is a very lucrative method of extorting money from companies of all sizes and types. One of the versions of ransomware, known as CryptoWall, which is routinely monitored by the CyberThreat Alliance, was found to have attempted attacks at almost 500,000 companies. The resultant costs to those companies being around $325 million. With monies like that coming in, cybercriminals will milk this method for a while yet.

How Can I End Up Being Infected With Ransomware?

Ransomware infections usually come in via one of two routes. Either you get phished, or an ‘exploit kit’ is used:

Phishing threats: These are the most likely methods used to get ransomware onto your PC and network. The threat comes in the form of an email, with an attachment named something like ‘fax’, ‘invoice’, ‘statement’, that sort of thing. It can be a zip, but they are cloaked as pdf or docx files too. If you open that attachment, it initiates the Malware program install and before you know it, your files are encrypted.

It is extremely important that the users don’t open attachments from unsolicited emails, and to double-check any suspicious emails with their IT security team,” explains Ronnie Wolf, a security expert from GFI Software, and adds: “Once just one PC is infected, the malware spreads quickly through your network, so you need to act fast in order to prevent further damage.”

Exploit kit based threats: Currently, this is the less used method of propagating ransomware infections, but my guess is that it’ll increase in usage because of its effectiveness and stealth. Exploit kits, apps taking advantage of Vulnerabilities in browsers, are often used in a type of threat known as ‘malvertising’, where an online ad or video initiates a malware infection. They work by sending a user who opens a page with an infected ad to a malicious site, which contains the exploit kit.

This redirect to the bad site is difficult to detect, it’s very fast and known as a ‘drive-by-download’. Once you’re on that site, the exploit kit looks for holes in your browser software or endpoint protection and infects your machine. it literally takes seconds,” adds Ronnie Wolf.

Ransomware as a Service

security-measures

Ransomware comes out in waves or ‘families’. There have been quite a few, some more successful than others. CryptoWall is one of the most famous, but there are many others like TorrentLocker, and Locky. One worrying new movement in the world of ransomware is the creation of DIY ransomware kits or ransomware as a service. Setups like this allow even inexperienced hackers to make use of the malware to make money. The business model is as well thought out as any legitimate business, the service host taking a cut of the extorted monies. This model may well become the infection process of choice throughout the cybercriminal world and poses a major threat to all companies, of all sizes.

Is There Anything I can Do To Prevent a Ransomware Infection?

In the case of ransomware infections, the first thing you need to do is to cut off the source into your system from both ways in – via emails and Internet sites.

Email based infection: As I mentioned earlier, phishing is the number 1 way that ransomware infects computers. So the first step is to prevent email-borne infections. You need to have an email watch system in place that can spot email-borne threats, like malware, before it hits your inboxes. There are a number of products that can do this, such as GFI MailEssentials, which utilizes multiple anti-virus engines to control and eliminate incoming malware threats.

Internet based infection: Secondly, you need to watch Internet sites being accessed by your users to prevent the exploit kit based ransomware. This up and coming security threat vector is starting to infiltrate the most legitimate of websites, affecting even news sites and popular blogs. Anything that is online ad and video heavy is at risk of carrying ransomware. Making sure that your workforce doesn’t end up downloading malware by being redirected to an exploit kit site is an increasingly important aspect of security monitoring. Doing so manually would be a mission impossible, so products like GFI WebMonitor can help prevent exploit kits from threatening your network security.

Keeping your systems safe from the threat of ransomware will be an ongoing battle. As cybercriminals up their game and bring into play new methods of exploiting your vulnerabilities, the only way you can keep safe is to beat them at their own game and make sure you cut off their source of infection. Ransomware is a modern pandemic, causing untold losses and stress. With any cyber security threat, vigilance is the best way to deal with it. We are in an era where we have to take these threats seriously, if we don’t want to risk losing much more than just a business plan.

By Susan Morrow

Tom Fanelli

Episode 9: Taking a Deep Dive into WordPress for Small and Medium Business

Deep Diving Into WordPress WordPress. For a lot of people this name might initially conjure up a place for amateur bloggers, almost a hobbyist site. But nothing could be further from the truth. As an ...
Sangeeta Chhabra

Leverage DaaS To Solve Challenges of Remote Work

Solve Challenges of Remote Work In the past one year of Coronavirus (COVID-19), we have seen it all: An ailing world economy, dramatic changes in the political structure of many countries, and, most prominently, a ...
Internet Security

Firefox introduces Enhanced Tracking Protection for Desktop Users

Firefox introduces Enhanced Tracking Protection for Desktop Users Great news for Mozilla Firefox users as the internet browser rolled out its latest tracking protection features that make web surfing a lot safer. The new Enhanced ...
Episode 11: Leveraging the Power of WordPress with the Toolkit – and a Global Community

Episode 11: Leveraging the Power of WordPress with the Toolkit – and a Global Community

A conversation with TJ Danklefs of cPanel and Angelo Giuffrida of VentraIP Australia WordPress is a significant player in the global webspace, and tools like the WordPress toolkit allow businesses of all sizes prepare, stage, ...
Ronald van Loon

Modernize and Future-Proof Your Data Analytics Environment

Future-Proof Your Data Analytics Environment More than ever, we are seeing companies use data to make business decisions in real-time. This ubiquitous access makes it imperative for organizations to move beyond legacy architectures that can't ...

PROXY SERVICES

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Smartproxy

    Smartproxy

    Smartproxy is a rising star in the constantly growing proxy market. Smartproxy offers awarded customer service, impressive performance, and is serious about your anonymity (yes, cybersecurity matters). The latest features developed by Smartproxy are 30 minute long sticky sessions and Google Proxies. Rumor has it, the latter guarantee 100% success rate

  • Bright Data

    Bright Data

    Bright Data’s network is one of the most robust of its kind globally. Here are its stark advantages: Extremely stable connection for long sessions (99.99% uptime guaranteed). Free to integrate with our Proxy Manager which allows you to define custom rules for optimized results. Send unlimited concurrent requests increasing speed, cost-effectiveness, and overall efficiency.

  • Rsocks

    Rsocks

    RSocks team offers a huge amount of residential plans which were developed for plenty of tasks and, most importantly, has been proved to be quite efficient. Such variety has been created on purpose to let everyone choose a plan for a reasonable price, online, rotation and other parameters.

  • Storm Proxies

    Storm Proxies

    Storm Proxies' network is optimized for high performance and fast multi-threaded tools. You get unlimited bandwidth. No hidden costs, no limits on bandwidth. Try Storm Proxies 100% Risk Free. If you are not happy with the service email us within 24 hours of purchase and we will refund you.