
Ransomware: A Digital Pandemic – Is There A Cure?

The Rise Of Ransomware

You can imagine the scene: you’ve just completed that business plan and a set of accounts. Finally, it’s done and saved, ready for a final read through and to be sent out to your contact list. And right when you’re ready to click “Send”, the next thing you see on the screen is a pop-up window saying something like “Your personal files have been encrypted”. It also states that if you want them decrypted, you’ll need to pay. You quickly go to the folder containing your business plan data files, double click on the spreadsheet, but it won’t open, it’s encrypted; click on the text document, it won't open either, it’s also encrypted. That cold fear spreads across your body as you stare at the screen, realizing that you’ve been hacked.

The above situation is becoming extremely common. The malware responsible for encrypting the files is known as ransomware, and it is arguably the most sinister type of malware to enter the cyber crime scene. If you become infected by ransomware, it is not just local files that are encrypted – files right across your network, even in remote folders like Dropbox, can be affected. Once infected, you are told that if you want those files back, you’ll have to pay the cybercriminal, sometimes many thousands of dollars in bitcoin. A recent example was the Hollywood Presbyterian Medical Center in LA, which ended up paying hackers $17,000 to have its files decrypted. Paying the cybercriminals behind the attack is a risk, because you may not get the decryption code after payment, but even the FBI, who are monitoring ransomware attacks, are currently advising to pay the ransom.


Ransomware is very successful. A McAfee report into the threat shows there has been an almost 10-fold increase in ransomware between 2014 and 2015. This increase is a reflection of its success: it is a very lucrative method of extorting money from companies of all sizes and types. One version of ransomware, known as CryptoWall, which is routinely monitored by the CyberThreat Alliance, was found to have attempted attacks at almost 500,000 companies, with resultant costs to those companies of around $325 million. With monies like that coming in, cybercriminals will milk this method for a while yet.

How Can I End Up Being Infected With Ransomware?

Ransomware infections usually come in via one of two routes. Either you get phished, or an ‘exploit kit’ is used:

Phishing threats: These are the most likely methods used to get ransomware onto your PC and network. The threat comes in the form of an email, with an attachment named something like ‘fax’, ‘invoice’, ‘statement’, that sort of thing. It can be a zip, but they are cloaked as pdf or docx files too. If you open that attachment, it initiates the malware program install and before you know it, your files are encrypted.

“It is extremely important that the users don’t open attachments from unsolicited emails, and to double-check any suspicious emails with their IT security team,” explains Ronnie Wolf, a security expert from GFI Software, and adds: “Once just one PC is infected, the malware spreads quickly through your network, so you need to act fast in order to prevent further damage.”

Exploit kit based threats: Currently, this is the less used method of propagating ransomware infections, but my guess is that it’ll increase in usage because of its effectiveness and stealth. Exploit kits, apps taking advantage of vulnerabilities in browsers, are often used in a type of threat known as ‘malvertising’, where an online ad or video initiates a malware infection. They work by sending a user who opens a page with an infected ad to a malicious site, which contains the exploit kit.

“This redirect to the bad site is difficult to detect, it’s very fast and known as a ‘drive-by-download’. Once you’re on that site, the exploit kit looks for holes in your browser software or endpoint protection and infects your machine. It literally takes seconds,” adds Ronnie Wolf.

Ransomware as a Service


Ransomware comes out in waves or ‘families’. There have been quite a few, some more successful than others. CryptoWall is one of the most famous, but there are many others like TorrentLocker, and Locky. One worrying new movement in the world of ransomware is the creation of DIY ransomware kits or ransomware as a service. Setups like this allow even inexperienced hackers to make use of the malware to make money. The business model is as well thought out as any legitimate business, the service host taking a cut of the extorted monies. This model may well become the infection process of choice throughout the cybercriminal world and poses a major threat to all companies, of all sizes.

Is There Anything I Can Do To Prevent a Ransomware Infection?

In the case of ransomware infections, the first thing you need to do is to cut off both routes into your system: emails and Internet sites.

Email based infection: As I mentioned earlier, phishing is the number one way that ransomware infects computers. So the first step is to prevent email-borne infections. You need to have an email watch system in place that can spot email-borne threats, like malware, before they hit your inboxes. There are a number of products that can do this, such as GFI MailEssentials, which utilizes multiple anti-virus engines to control and eliminate incoming malware threats.

Internet based infection: Secondly, you need to watch Internet sites being accessed by your users to prevent the exploit kit based ransomware. This up and coming security threat vector is starting to infiltrate the most legitimate of websites, affecting even news sites and popular blogs. Anything that is online ad and video heavy is at risk of carrying ransomware. Making sure that your workforce doesn't end up downloading malware by being redirected to an exploit kit site is an increasingly important aspect of security monitoring. Doing so manually would be a mission impossible, so products like GFI WebMonitor can help prevent exploit kits from threatening your network security.
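The email screening described under "Email based infection" above can be sketched in a few lines. This is an added example, not code from the article or from GFI MailEssentials; it flags the attachment traits the phishing section lists (lure names such as 'fax', 'invoice', 'statement', and zips cloaked as pdf or docx). The `RISKY_EXT` list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

LURE_WORDS = ("fax", "invoice", "statement")         # names the article lists
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".wsf")  # assumed list, not from the article


def zip_names(data):
    """Return member names if data is a readable zip archive, else None."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return None


def screen_attachment(filename, data):
    """Return the reasons (possibly none) to quarantine one attachment."""
    name, members, reasons = filename.lower(), zip_names(data), []
    if any(word in name for word in LURE_WORDS):
        reasons.append("lure-name")
    if name.endswith(".pdf") and not data.startswith(b"%PDF-"):
        reasons.append("not-a-pdf")
    # A real .docx is a zip too, so check for its mandatory part list.
    if name.endswith(".docx") and "[Content_Types].xml" not in (members or []):
        reasons.append("not-a-docx")
    if any(m.lower().endswith(RISKY_EXT) for m in members or []):
        reasons.append("archive-holds-executable")
    return reasons


def screen_message(raw):
    """Map each attachment name in a raw message to its quarantine reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {p.get_filename(): screen_attachment(p.get_filename(), p.get_payload(decode=True))
            for p in msg.iter_attachments()}


def build_sample():
    """Constructed sample: a zip holding a script, renamed to look like a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "// constructed placeholder, no payload")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="pdf", filename="invoice_0412.pdf")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf", filename="minutes.pdf")
    return msg.as_bytes()
```

`screen_message(build_sample())` flags `invoice_0412.pdf` for all three reasons (lure name, not a PDF, archive holding a script) and passes `minutes.pdf` clean.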

Keeping your systems safe from the threat of ransomware will be an ongoing battle. As cybercriminals up their game and bring into play new methods of exploiting your vulnerabilities, the only way you can keep safe is to beat them at their own game and make sure you cut off their source of infection. Ransomware is a modern pandemic, causing untold losses and stress. With any cyber security threat, vigilance is the best way to deal with it. We are in an era where we have to take these threats seriously, if we don’t want to risk losing much more than just a business plan.

By Susan Morrow

CloudTweaks
