by Bharat Mistry
Has your organisation ever been hit by ransomware, or do you know of a business which has? It seems the answer to this question for IT leaders is increasingly ‘yes’. In fact, just last week, the FBI was forced to issue yet another warning to US firms, claiming that CryptoWall alone has made its authors a cool $18 million since last April. With ransomware surging as we head through 2015, now would seem like a good time to remind UK organisations just what the risks are, and how to keep business critical data safe from harm.
Aside from the FBI announcement, there have been numerous other warnings from the security industry about the growing threat from this new breed of malware. One survey at Infosecurity Europe this year, for example, found that over one third of enterprises had either suffered an attack, or knew of a firm which had. A further 84% said they would be seriously damaged if they were struck by a direct hit, and nearly one third (31%) claimed they’d have little choice but to pay the ransom if mission critical data was threatened with deletion.
There are, of course, numerous variants of ransomware out there. Early versions like Reveton typically contained a “police theme” – flashing up a message saying the user had broken the law and needed to pay a fee to settle the bogus offence. But the bad news is the cyber criminals have been learning, adapting and getting smarter. Many newer versions like CryptoWall and CryptoLocker have dispensed with the social engineering and introduced strong encryption, with the threat of deleting the victim’s files if the ransom is not paid in full.
These gangs have also been putting more and more of their infrastructure on anonymisation networks like Tor and I2P, in order to make it difficult for the white hats to track and disrupt.
Prevention is the cure
When it comes to ransomware it pays to be prepared. Some versions of the malware cannot be removed so there is a real risk that your most important files may be lost forever.
Here are a few guidelines on what businesses can do to mitigate the risks:
Educate staff – they’re the first line of defence here. Make sure they know the dangers of opening unsolicited messages and clicking on dubious links.
Continuously back-up content offline – this will ensure that if the worst happens, you’ll be able to restore the majority of your files
Keep anti-malware up-to-date – new ransomware is being developed all the time so it pays to be able to stop the latest threats
Patch, patch, patch – a few days ago it emerged that a recently patched Adobe Flash flaw (CVE-2015-3113) was being exploited to drop CryptoWall on machines. Always keep up to date with software and OS security updates
Consider removal toolkits – A number of vendors have tools to help you remove some strains of ransomware. We have one too!
However, it’s important to remember that these tools are not a silver bullet, so prevention is the way forward when it comes to ransomware.