Ransomware is a type of malware that restricts access to your PC, applications, or files, and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system’s hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key. This is called crypto ransomware. Others may simply lock the system and display messages intended to scare the user into paying – this is locker ransomware.
Ransomware typically propagates as a trojan whose “payload” is disguised as a seemingly legitimate file, often coming to the user from a spoofed email address that looks like a legitimate sender – sometimes even coming from your own email address! This is called phishing, which is a primary method of infecting victims with ransomware. Emails tend to carry a malicious attachment or instruct users to click a link that allows the virus to enter their machine. Another method is called malvertising, which embeds malware in ads that are delivered through known and trusted websites – even the New York Times and BBC have fallen victim to this. In this case, the advertiser’s network is compromised. More recent versions of ransomware have exhibited delayed payload execution, rendering short-term backups ineffective.
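One way a mail gateway or triage script can catch the spoofed-sender case described above, including mail that claims to come from the recipient's own address. This is an added example, not code from the original article; the domain `example.com`, the gateway name `mx.example.com` and the sample messages are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAINS = {"example.com"}    # assumption: domains your organisation sends from
TRUSTED_MTA = "mx.example.com"   # assumption: authserv-id stamped by your own gateway

def trusted_auth(msg):
    """Collect spf/dkim/dmarc verdicts, but only from our own gateway's header."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = header.partition(";")
        if authserv_id.strip().lower() != TRUSTED_MTA:
            continue  # anyone can insert this header; ignore copies we did not add
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts

def spoof_findings(raw_message):
    """Return a list of reasons the From address looks spoofed (empty if none)."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    sender_domain = sender.rpartition("@")[2]
    dmarc_ok = trusted_auth(msg).get("dmarc") == "pass"
    findings = []
    if sender_domain in OUR_DOMAINS and not dmarc_ok:
        findings.append("claims-internal-sender-without-dmarc-pass")
    if sender and sender == recipient and not dmarc_ok:
        findings.append("sent-from-recipients-own-address")
    return findings

# Constructed sample messages (headers only, not real mail).
SPOOFED = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.invalid; dmarc=fail
From: "Alice" <alice@example.com>
To: alice@example.com
"""
FORGED_HEADER = """\
Authentication-Results: mx.attacker.invalid; dmarc=pass
From: alice@example.com
To: alice@example.com
"""
LEGIT = """\
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass
From: Bob <bob@example.com>
To: alice@example.com
"""
```

The `FORGED_HEADER` sample shows why the check only trusts the header written by your own gateway: a sender can add an `Authentication-Results` line claiming a pass.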
Ransomware has become a multi-million-dollar crime operation that is attracting cyberthieves because it is extremely profitable, as many organizations or users cave and pay the ransom. According to Wired, the FBI says victims who reported attacks to the Bureau last year paid the cyberthieves $24 million. Those that don’t pay risk having the decryption key destroyed and losing access to their data forever – and even those who do pay have no guarantee they’ll get their data back.
Ransomware is affecting all types of businesses across industries, especially those that depend on constant access to their data and cannot afford to lose this access. For example, a hospital may feel pressured to pay the ransom because lives are on the line. Other targets may include banks, Congress, police departments, airlines, large corporations, government agencies, and heavily regulated industries that may be required to shut down in a ransomware situation.
There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will ask you to do something before you can use your PC. Payment of this ransom is typically requested in bitcoin, and paying the ransom does not guarantee access to all encrypted files.
Notable examples of ransomware include:
- CryptoLocker
- CryptoWall
- TeslaCrypt
- TorrentLocker
- KeRanger
- Locky
- Cerber
- FakeBsod
How can you avoid it?
Backup:
It’s best if your organization isn’t vulnerable in the first place. This is easier said than done, but backup is a good place to start. Back up your business data daily if possible so you won’t be forced to pay to use it again down the line. Cloud backup may be the best option as well, as today’s hackers can search out local backup systems to encrypt and lock. So unless this local storage is offline and not directly connected to desktop systems, it is also at risk.
Even if you’ve backed up your data and choose not to pay the ransom, an attack can still cost you in terms of recovery. For example, victims of the CryptoWall ransomware suffered an estimated $325 million in damages that included the costs of disinfecting machines and restoring the backup data. (Cyber Threat Alliance)
Education:
Tell your users to be vigilant about such malware, to be 100% sure of the senders of attachments, and not to open any attachment they are not expecting or aren’t 100% sure of. It’s better to be safe than sorry, after all.
It’s important to educate your users on how they can recognize attacks and avoid unwelcome emails or links. Ultimately, you’ll decrease the number of click-happy employees in your organization. Training may even include sending out simulated phishing attacks monthly to keep everyone on their toes.
A huge issue when it comes to malware is that many users simply don’t know the security basics. That’s why training and education are key.
Security Technology:
Even with backup and training, attacks will happen, and your security technology should be prepared. There are definitely security products that protect specifically against ransomware, but every business should also take standard security measures and have multiple layers of protection in place like anti-malware and anti-spam. Other measures may include: patching software security holes and keeping software up to date; keeping third-party plug-ins and operating systems up to date; using software whitelisting so machines can’t install or run anything that’s not approved; and applying the concept of “least privilege” to systems and services to limit ransomware’s ability to spread through your network. The key here is to avoid allowing the virus to exploit any vulnerabilities in your network.
The RapidScale Approach
Many security experts have designated crypto ransomware as the greatest security threat to organizations today. RapidScale’s CloudBackup solution can protect against this and is a reliable way to recover files following an attack. The solution provides organizations with a seamless and secure backup of their data to RapidScale’s cloud. RapidScale takes care of all the management, monitoring and dependability of the customer’s backed-up environment. CloudBackup is secure, encrypted, scalable and efficient.
Any business continuity plan should have file-level backup, but another key component is disaster recovery. RapidScale’s CloudRecovery is designed for large scale failures and true disasters, rather than single-item restore – depending on the extent of the situation, this solution may be necessary. Together, CloudRecovery and CloudBackup can create a well-rounded business continuity plan for a ransomware attack.