[BreachExchange] Ransomware: Why does this cyber threat keep growing?
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Mar 24 17:44:22 EDT 2016
http://www.techshout.com/features/2016/24/ransomware-cyber-threat-keep-growing/
Let’s go back in time by 30 years, and picture a typical business
environment: The office is amass with filing cabinets, all full to the brim
with documents that have been carefully separated into reams of brown
folders. Heavy, thick set typewriters adorn each large dark wood desk.
The filing cabinets have impenetrable looking locks guarding every drawer.
The keys to each drawer are different, and each key has its own box, which
is also locked. Want to find a document? It’s like the Da Vinci Code of
filing cabinets.
Back to the contemporary, and you’ll be hard pressed to find a business
which doesn’t rely heavily on technology to host and share information. It
doesn’t matter if its Word files, Excel spreadsheets, or even presentations
– they have all taken the evolutionary step out of the filing cabinet and
into the virtual environment.
It’s now extremely likely that your business relies on IT to communicate
electronically with your clients, or share information with your
colleagues. The set of pixels that appear on your screen either lead back
to that locked away server room, or the ‘cloud’ which we know to be hosted
in a secure datacentre, under lock and key.
It doesn’t matter how your business chooses to store its data, I think most
company’s worst nightmare would be to come in one day and find all of your
work gone. Or worse – someone has stolen your data and is demanding you pay
money for its safe return.
For a good few years now there has been a circulation of what, in my
opinion, is one of the worst known type of viruses out there: Ransomware.
Unfortunately it’s on the rise again at the moment, and has evolved to
something potentially devastating in today’s modern technological world.
On a typical home computer, this type of virus might encrypt your Microsoft
Office documents held on your Desktop, My Documents, My Pictures etc. The
virus encrypts your documents and then slaps a password (which you won’t
know) on everything you have created or even temporarily stored on your PC.
You will often find a set of instructions near the encrypted files with a
cheeky Q & A telling you what has happened to your files, and how you can
get them back (often by making a payment of some sort). We’ve even seen
cases where the hacker says he will upload extremely indecent images to
your PC and then alert the police, unless you pay a sum of money within a
certain amount of time.
This gets even worse in a business environment, because your computer is
probably linked into a shared working environment such as a network drive,
which then maps to your department or company’s networked server storage.
If the virus manages to do what it’s been designed to do, and finds its way
into your server, then your entire company will soon start to find their
work has become encrypted, and once again you are left with a ransom to
regain access.
Imagine the feeling being the person who has accidently allowed the virus
onto your company’s network, and you know you will have to bear the brunt
of the moans and groans of your colleagues who have lost their work –
certainly not something I’d like to have on my shoulders.
There isn’t an easy way of getting around the encryption on these files
either. It can’t simply be accessed by changing the file extension, or by
going straight to the virus and removing it from the system. The damage has
already been done.
30 years ago, when our documents were physical and all our information was
stored on site, you only had to worry about thieves actually breaking into
your building and taking what didn’t belong to them. So, you put as many
things under lock and key as you could, and that was that.
Now, thieves don’t need to be anywhere near your office to have the
opportunity to steal from you. And yet most people haven’t adapted their
traditional ‘lock and key’ approach to reflect this. There are now infinite
ways into your system.
So what can you do?
You could of course just pay the ransom. But I’d strongly advise against
this. In my experience, no matter how much you pay, there’s still a high
chance that you won’t get the sought after password to regain your access
to your files. You may even find that the ransom price will increase once
the instigators think you’re willing to pay money. It’s not as if a
criminal will care about your consumer rights at this stage.
Secondly, a well-managed IT environment will have a viable backup solution
in place, and this is always the best course of action to take. You’ll also
need to make sure you can confirm that your network is free of the virus,
so of course so a capable anti-virus solution is critical too.
Thirdly, and this is the most important one: user awareness. The ransomware
virus can only enter your network if someone opens an infected attachment,
or clicks on a link which then allows the hackers to gain access to your
computer. Or, in some cases, hackers actually replace downloadable software
on certain trusted software providers websites.
Ensuring that your staff do basic due diligence before opening attachments
or clicking on links in emails from people they don’t know, is critical to
stopping this type of virus. If something looks suspicious, it’s always
better to be safe than sorry.
A good anti-virus solution is great, but you can’t just assume this will
keep you safe and forget about basic IT security. Hackers are always trying
to find ways to get their viruses to circumvent the system, and it makes
their job a great deal easier if people are willing to let them straight
through the back door.
Up until now, Cryptolocker, which is the most prolific type of ransomware
(example shown above) and other types, have generally been only found
Windows PCs due to the massive volume of users worldwide.
In the past 24 hours there has been a massive surge in Apple MACs being hit
with this type of virus. This type of virus has been modified and is known
on Apple devices as KeRanger. The same principle applies, with a threat of
data loss unless the end user pays the ransom.
As viruses evolve and find their way onto different devices across
different operating platforms, it’s more essential than ever that users
keep their eyes open for unusual looking emails and untrusted software
hosted on websites. If in doubt, don’t open it and seek guidance from your
IT support.
A rule for your IT support would be to always ensure regular backups are
being carried out, as this will be your saving grace should the Ransomware
virus come a knocking.
So why does Ransomware keep coming back? One simple reason: because people
keep paying to have their data released.
I’m sympathetic to the people who think they have no other option than to
pay. At the end of the day, your business is your data and to lose it would
be catastrophic. But every time someone pays up, is another incentive for
hackers to keep installing ransomware. So my advice would be to not pay the
ransom fee.
I’ll leave you with one last thing – be absolutely rigorous in your
approach to user awareness and backups. Sitting on the support desk and
dealing with the sort of cases I do, it’s a lack of attention to these two
things which always makes the situation 100 times worse than it might have
been.
Putting everything under lock and key was a great idea 30 years ago. Now
the key is in lots of different places, and, if found, it can open every
drawer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160324/0382a8c9/attachment-0001.html>
More information about the BreachExchange
mailing list