Running from ransomware: What it is and how to avoid it
Anyone who’s used a computer within the last decade has likely heard of ransomware. However, not everyone knows what it is and how deadly it can be to the security and well-being of a business. In April 2016, CNN Money reported ransomware was soon to be a $1 billion business as its costs have reached an all-time high. From January to March 2016 alone, cybercriminals used ransomware to extort $209 million from businesses across the nation. The technology and social engineering behind the scams continues to develop and businesses are struggling to both understand and protect against these ever-evolving methods of cyberblackmail. The sections below delve deeper into ransomware and how businesses can protect against it.
What is Ransomware?
The first ransomware virus butted its ugly head in 1989, and since that time, cybercriminals have designed increasingly advanced strains that have targeted businesses and institutions across the world. Today, the most common types of ransomware include Cryptolocker, CryptoWall, CTB-Locker, Locky, TeslaCrypt, TorrentLocker, and KeRanger. Essentially, ransomware is a form of malware that restricts users from using their devices or accessing their files until a ransom is paid. The virus can infect PCs, Macs, and even mobile devices. Once the files are locked, the only way to regain access to the data is to restore a recent backup or pay the requested amount. Cybercriminals require users to pay with crypto-currencies like Bitcoin to avoid being traced and often, the ransom increases with time until it is paid.
There are three main types of ransomware; scareware, lock-screen, and encryption.
Compared to the other two forms of the virus, scareware is the least threatening. It takes the form of security software and tech support scams and is designed to trick users into purchasing and/or downloading malicious software. Scareware appears as a system message requesting the installation of antivirus, anti-spyware, or registry cleaner. The message usually claims security issues were detected on the device, prompting the victim to purchase software to resolve the issue. If the user purchases the software, their money will be stolen and their device may be rendered unusable depending on the damage inflicted by the installed software.
If a user receives a virus alert from a program they have not installed, they should avoid trying to close the window and use Task Manager (control+alt+delete) to turn off their machine. If this is unsuccessful, the user should go to task manager, view the programs currently running, and delete the unfamiliar program. It’s imperative to perform security scans of the machine after removing the rogue software. Spyware and additional harmful remnants may remain hidden in the machine’s system and leave the user vulnerable to identity theft or a data breach.
When the lock-screen version infects a computer, it displays a full screen message that restricts the user from accessing the device or its files until the ransom is paid. Generally, the message will include what appears to be an official FBI or U.S. Department of Justice seal, claims illegal activity has been detected, and demands a fine be paid to restore control of the device. It’s important to note that the FBI would not address such an issue using these means. If a user was suspected of illegal activity, the department would use the appropriate legal channels to proceed with an investigation. On the bright side, lock-screen ransomware generally avoids encrypting the user’s files, reducing the chances of a full-fledged data compromise.
The encryption version encodes the user’s sensitive files and demands a sum be paid to decrypt the data. This version of ransomware elicits panic as the victim will be able to use their device and see their files, but will be unable to access anything until a ransom is paid. However, even if the user pays the sum, there’s no guarantee their files will be restored or that their device will be left uncompromised.
If a user’s computer becomes infected with ransomware, the first thing they should do is turn off the machine and disconnect it from the network to avoid infecting other devices. A business’s managed IT services provider should help the organization restore their data via a backup solution. Businesses do not want to pay the ransom fee, and a data backup is the only way to avoid such costs. Even if an organization pays to have their data released from the hacker’s possession, there’s no guarantee the files will be clean and the device unaffected. Businesses should work with their MSP to determine the best approach to restoring their data and securing the network against future attacks.
How do you protect against ransomware?
At the 2015 Cyber Security Summit, the FBI advised businesses infected by ransomware to pay the ransom. However, IT experts warn against this approach. Although the costs incurred by ransomware have skyrocketed, the sums requested generally range from $500 to $10,000. A lesser amount is more likely to elicit payment from users, and the more people that pay, the more incentive cybercriminals will have to continue these attacks. Instead, experts advise businesses to restore valuable data via a backup solution, and avoid paying hackers. Companies should take a proactive approach to ransomware threats. The right combination of security software and end-user education can greatly reduce a business’s chances of falling victim to a data hostage situation. Antivirus, anti-malware, and anti-ransomware programs can be layered with additional applications designed to prevent malware attacks. Businesses should take the following steps to secure the safety of their valuable information and their reputations.
- Be sure all software is updated
- Install and make regular updates to antivirus, anti-malware, and anti-ransomware solutions
- Install pop-up blockers on web browsers
- Beware of following links or opening emails/attachments from unfamiliar people or companies
- Have a remote, unconnected automatic backup system in place (Cloud storage is one option)
- Educate employees on the latest methods of social engineering and malware tactics
- A company’s IT services provider should have a data backup solution in place and perform regular test restores to check the effectiveness of the solution
Cybercriminals and resource banks
As technology develops, so do the methods cybercriminals use to access and extort valuable information. The modern generation of cybercriminals has formed an underground economy where hackers can buy and sell goods and illegal services. Essentially, cybercriminals have created a hub that provides the tools and education necessary for inexperienced hackers to become vets of the trade. This resource center has resulted in an increase in the quality of malware, the accessibility and speed of the criminal supply chain, and makes it more difficult to trace and apprehend cybercriminals. Resources such as social media networks with escrow services, malware licensing and tech support, and pay-for-play malware infection services now exist to make it easier for criminals to exchange knowledge and collaborate.
The future of ransomware
The Internet of Things (IoT) is becoming an integral part of daily life and offers a plethora of opportunities for hackers to access and control this technology. New trends in ransomware techniques may include targeting smart phones (a current, but not overly popular target for ransomware), cars, smart homes, and even videogames. No one knows exactly where the future of ransomware is headed, but it’s clear cybercriminals have yet to exhaust all of their hacking options.
Aldridge offers the protection and monitoring your organization needs to deter malicious hackers. If you’re looking to safeguard your business against the hassle and costs ransomware entails, contact a firm representative today.