Ransomware

By Nico Gazzano - Chief Information Officer

Unless you’ve lived under a rock for the past 4 years, you’ve undoubtedly heard about ransomware. Names like Cryptolocker, Locky, CryptXXX and KeRanger make up a handful of the many iterations of malicious software that can restrict access to an infected computer system by encrypting any and all files they are able to get hold of. Once that happens, it’s virtually impossible to gain access to the data, your data, without the decryption key, which is only available by paying a hefty ransom – hence the name “Ransomware”. I do not use the term “hefty” lightly; just two of these nasty little buggers took their intended audience for a total of $21 million USD between September 2013 and June 2015. So when your IT guy says it’s serious, he really means it.

How it works is not as important as how it spreads. The primary target is typically the weakest link in any corporate security strategy – the end user. A typical lure is an email sent to the unsuspecting office manager, claiming to come from the United Nations Organization, with the subject line “View Attached Payment Successfully Approved” (I know because I deleted one this morning) and a Microsoft Word document attached to it. It’s the perfect con – target humanity’s insatiable curiosity and eagerness to push the “Do Not Push” button.

The scary part is that ransomware activity has been increasing exponentially since it first reared its ugly head. Locky, a newer form of ransomware believed to originate in Russia, has been infecting up to 90,000 PCs on a daily basis according to an article published by Forbes back in February. With numbers like these, it’s clear that ransomware has now become a viable stream of revenue for the cybercrime underworld. In fact, there are some outfits that offer RaaS – Ransomware as a Service – to the highest bidder, all payable in the controversial, untraceable, and decentralized virtual currency known as Bitcoin (451.82 USD = 1 BTC).

So what is being done about it, and how can we stop it?  In short, there’s a lot being done about it, but there is no way to stop it.  Security vendors are working around the clock doing what they can to release technology that can protect against ransomware, but there’s no way to eliminate the problem altogether.   Because of this, your business security strategies need to include policies that address the following two things: data protection and security awareness training.

First and foremost, data backups need to have the highest priority.  A good backup strategy that includes multiple copies of data on different types of online and offline media can be the difference between needing to pay a ransom and being able to laugh in your attacker’s face.

Secondly, even the best and most state-of-the-art security technology is no replacement for proper end-user training. A continual training program that focuses on security awareness and the different social engineering methods that attackers can use to gain unauthorized access to corporate data should be a part of any basic security strategy.

At the end of the day, protection from these advanced and always-evolving threats is no longer just the responsibility of the IT Department. It falls on everyone’s shoulders to be responsible and to become aware of what’s going on out there. Reviewing your company security strategy and training program will keep you ahead of your attackers, and to fully understand the threat from all angles, you have us on your side.

At MIS Choice, we have extensive experience in cyber security and preventing/mitigating such attacks. Give us a call - let us know what your concerns are. We’re here to protect you from the unknown.