You have no doubt heard of computer viruses and if you’ve followed any of our previous blog posts, you’ll know that it’s a subject that we discuss quite a bit.
The latest trend in malicious software (also known as malware) is ransomware, and it is becoming increasingly common. As its name suggests, it stops a user from freely accessing their computer system until they pay a sum of money – a ransom. The user can be literally locked out – this type of ransomware is called a “blocker”. Or they can retain access to their system but be unable to access certain files that have been encrypted by the perpetrators. This type of ransomware is called encryption ransomware.
Here’s an example of what you would see if your access to your system was blocked:
The cybercriminals will typically threaten to delete files if the ransom is not paid within a particular timeframe – often just a few days. And the amount demanded is often increased as the deadline approaches.
But is all this talk of ransomware exaggerated? Or is there cause for genuine concern? To help answer that we should look at some numbers.
Intel Security reported a 165% increase in new ransomware in the first quarter of 2015.
A June 2016 report from leading international security group Kaspersky found that the total number of its users “who encountered ransomware between April 2015 and March 2016 rose by 17.7% compared to the previous 12 months (April 2014 to March 2015) – from 1,967,784 to 2,315,931 users around the world”.
You may be wondering what types of systems are being attacked. It began with Windows machines – with access being blocked and files being encrypted. Just this month, though, CIO reported that a new ransomware program encrypts not just your files but the very files used by a Windows machine to “boot”. With these files encrypted, Windows itself cannot be started. The program even has a sinister name – Satana – “Satan” in Italian and Romanian.
But Windows machines are no longer the only target. Ransomware is now also targeting mobile devices. For Kaspersky’s mobile users the “number of users attacked with mobile ransomware grew almost 4 times: from 35,413 users in 2014–2015 to 136,532 users in 2015-2016”.
The oft-touted Apple fortress has also been breached. CNet reported this March that “security researchers have discovered what they believe to be the first-ever ransomware attack targeted at Apple users that actually made it out into the wild, meaning it’s a genuine threat.” There is no real technical barrier to any device connected to the internet being a target.
We’ve looked at the types of machines that can be targeted but what about the people? It used to be just individuals or home users who seemed more susceptible to an attack by a virus or from malware but that is no longer the case. The reason is simple: Money. Cybercriminals want to be efficient with their attacks. They want to maximise the potential payout per attack and so they have targeted organisations and businesses who have more money than individuals. Budgets can also be affected by the sensitivity of the threatened data. Family photos are different from employee contact information and customer credit card numbers. As DARKReading.com said only on July 1st “an individual might be limited to a $500 ransom, but how about a manufacturer or a hedge fund? Surely their sensitive data is worth more”.
There are also no geographical constraints. Once you have internet connectivity you are a target. Perhaps countries that have relatively more developed e-payment infrastructures may be more at risk. The bad news is that Ireland definitely falls into that category.
What To Do?
When it comes to any such malware threats, there is no one thing that you can do that will guarantee you immunity from this problem. You may not be able to eliminate the risk of ransomware – but you can and should make it as hard as possible for your systems to be infected.
There are some specific things you can do:
Be Vigilant About Emails
The majority of ransomware programmes are delivered through email. It may be a notice from an unfamiliar shipping company. It may be an email that looks like it comes from a reputable company such as your bank. You need to ensure that everyone in your organisation who uses email is well trained in recognising emails that could be transporting ransomware. Here’s an article from this month on the skilled enticements that ransomware distributors are using to maximise their chances of infecting targets.
Stay Up To Date With Your Software
Operating systems, e.g., Windows, are continuously being updated. Many of these updates are to enhance security. Keep your software up to date so that you can benefit from these evolving defences.
Ensure you are staying up to date with the latest anti-malware software
Anti-Virus software in its traditional form is no longer enough. It is now considered wise to have many layers to your security software and setup within an organisation. For example, having Anti-Spam and Anti-Virus filtering on in-bound email coupled with anti-virus software on the local PCs is a good foundation to start with. However, there’s likely more required. New software packages on the market work in conjunction with your Anti-Virus software to manage security exploits, data breaches and software vulnerabilities by automatically patching system applications and should be considered as an extra layer of protection. In addition, having a good firewall router in place is important too. A multi-layered approach is the best approach.
Back up your data, offsite.
If you have a backup then you have insurance against losing access to your data or indeed losing the data. However, it’s not enough to have a backup. You also need that backup to be inaccessible to the cybercriminals. For example, suppose you typically access your data on a machine’s C: drive and your backup is stored on the same machine on, say, a D: drive. What happens if you cannot access the machine? The cybercriminals may very well also have access to your D: drive. You need to retain a separate ability to access your backed up data.
Show the extensions on your files
A Word document has a .docx file extension. An Excel spreadsheet has a .xlsx extension. Ransomware often has a .PDF.EXE extension. So if you show file name extensions then you may be able to recognise ransomware software. Here’s how you can choose to show file name extensions in Windows (8.1) Explorer:
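The same setting can also be applied from PowerShell. The script below is an added example, not part of the original post: it turns on extension display for the current user and then lists files whose names end in a document extension followed by an executable one, such as .PDF.EXE. The extension lists, the function name and the folders scanned are assumptions to adapt.

```powershell
# Added example: show file extensions, then look for "document.exe" style names.

# Explorer's "Hide extensions for known file types" option is stored in this
# per-user value: 0 = show extensions, 1 = hide them. Explorer picks up the
# change after its windows are refreshed or the user signs in again.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord

# Assumed lists: extensions users expect to open, and extensions that run code.
$decoyExt  = 'pdf','doc','docx','xls','xlsx','jpg','png','txt'
$activeExt = 'exe','scr','com','bat','cmd','js','vbs','pif'

function Test-DoubleExtension {
    param([Parameter(Mandatory)][string]$Name)
    # Windows ignores trailing dots and spaces in a file name, so trim them first.
    $clean = $Name.TrimEnd(' ', '.')
    # A decoy extension, optional padding spaces, then an executable extension.
    $pattern = '\.(' + ($decoyExt -join '|') + ')\s*\.(' + ($activeExt -join '|') + ')$'
    return $clean -match $pattern    # -match is case-insensitive
}

# Constructed sample names, to check the rule before scanning real folders.
'Invoice_0716.PDF.EXE', 'report.final.docx', 'photo.jpg .scr', 'setup.exe' |
    ForEach-Object { '{0,-22} suspicious={1}' -f $_, (Test-DoubleExtension -Name $_) }

# Scan the folders where mail attachments and downloads usually land (assumed paths).
$folders = "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop", $env:TEMP
Get-ChildItem -Path $folders -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { Test-DoubleExtension -Name $_.Name } |
    Select-Object FullName, Length, LastWriteTime
```

A file reported here is not proof of ransomware, only a name built to look like a document while running as a program; treat it as something to check before anyone opens it.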
Disable the Remote Desktop Protocol (RDP)
RDP is a Windows utility that allows its user to connect to another machine. Such connections offer a means for your Windows machine to be targeted. To reduce your exposure you should disable RDP until/unless it’s needed – and even then only use it for a short and specific purpose.
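One way to check and switch off RDP on a single machine from PowerShell, as an added example that is not part of the original post. It assumes Windows 8 / Server 2012 or later (for the firewall cmdlets), an English-language system (for the 'Remote Desktop' rule group name) and an elevated prompt; the function names are illustrative.

```powershell
# Added example: report whether RDP is accepting connections, then turn it off.
# Run from an elevated prompt at the machine itself, not over an RDP session.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpState {
    # fDenyTSConnections: 1 = RDP connections refused, 0 = RDP enabled.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    # Inbound firewall rules in the Remote Desktop group that are still switched on.
    $open = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        RdpEnabled        = ($deny -eq 0)
        OpenFirewallRules = @($open).Count
    }
}

function Disable-Rdp {
    # Refuse new RDP connections and close the matching firewall rules.
    Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

Get-RdpState    # state before the change
Disable-Rdp
Get-RdpState    # expect RdpEnabled = False and OpenFirewallRules = 0
```

When RDP is genuinely needed, reverse both steps for that task only and run `Disable-Rdp` again afterwards, so the machine is not left listening.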
And If You Are Infected?
You can expect serious effects. And there are no easy solutions. Should you contact the authorities? Pay the ransom? Many organisations are tempted to pay the ransom in hopes that the perpetrators will carry out their end of the bargain. Another reason why firms are tempted to pay the ransom rather than contact the authorities is that they’re hoping to protect their organisations from the PR downside that could result from public revelations of sensitive information being lost.
Your focus needs to be on detection in advance and also on prevention. At BITS we offer a full security audit service where we assess the potential threats to your network such as ransomware. If you would like more information on how BITS can help you please fill in the contact form or call us on 056-7786882.