This article entitled “How Can You Protect Your Business From Potentially Costly Ransomware Attacks?” was written by Sean Hegarty who is Operations Director at HCS Business Solutions. Sean holds a BSc in Law with Business, an MSc in Technology Management and has been working in the field of IT Service Management and IT Outsourcing for the past 17 years.
This year has seen a 200% increase in new ransomware, driven by the new, hard-to-detect CTB-Locker ransomware family, a new ransomware family called Teslacrypt, and the emergence of new versions of CryptoWall, TorrentLocker and BandarChor. Anyone reading this may be forgiven for thinking that I’m an expert in this area; I’m not. I do, however, manage an IT services company which has 100s of customers who are affected by the threat of cybercrime. As a result, I’ve been reviewing recent trends with our industry partners and our technical team to see how best we can manage these very real and serious threats to our businesses.
What is Ransomware?
Ransomware is a malicious virus which is contracted when a user inadvertently clicks on a link on a web site or opens an email attachment, resulting in their data being encrypted. The user is then asked to pay a ransom to receive a key that will decrypt the files. The ransom could be hundreds or thousands of euros and there’s usually a deadline for the user to pay it. In some cases the ransom will be paid and the decryption process may still not work entirely successfully. Criminals are making millions from this activity right now and their next victim could be you and your business.
Cybercrime is a growth industry
Take this excerpt from The Internet Organised Crime Threat Assessment report (IOCTA) 2015 carried out by Europol:
“The Crime-as-a-Service (CaaS) business model, which grants easy access to criminal products and services, enables a broad base of unskilled, entry level cybercriminals to launch attacks of a scale and scope disproportionate to their technical capability and asymmetric in terms of risks, costs and profits.”
Traditionally we associate cybercrime with the geeky but technically skilled hacker who illegally accessed systems for a variety of reasons, some of which were not entirely harmful. However, it’s easier now for relatively unskilled criminals to get involved in cybercrime and this has led to the industry evolving.
Cybercrime is now becoming more aggressive and confrontational and is attracting the more traditional organised crime gangs who now see cybercrime as an opportunity to make huge profits.
Social engineering is a term used to describe the non-technical way that cybercriminals illegally access an organisation’s systems. It relies on human interaction and involves tricking people into breaking normal security etiquette, often through the use of email and now also through web sites, including social media sites.
Key Threat – Ransomware
Ransomware is a top threat for EU law enforcement according to the report mentioned above, with CryptoLocker alone believed to have infected over 250,000 computers and obtained over €24,000,000 in ransom within the first 2 months of appearing in September 2013.
Data – A Key Commodity
Data is a key commodity in the digital underground and almost any type of data is of value to someone. Whether it can be used to commit fraud or for immediate financial gain, the majority of malware nowadays is designed with the intention of stealing or hijacking your data.
How Does Ransomware Infect Your Systems?
Ransomware is contracted when users click on links in web sites or open attachments or files on emails. It’s easy to point the finger at so-called “dodgy” web sites or blatantly obvious email attachments with dodgy email addresses and say that users should know better, but these criminals are using ever more sophisticated means to entice users to click on the link or file that infects your systems. For example, users could receive emails that appear to come from customers and contain an attachment with a logical title which, when opened, will infect your system.
Once Infected You Have Two Options
1. Pay the ransom and hope the decryption key and process works.
2. Don’t pay the ransom and restore your files from a backup, assuming you have a backup.
What to Do?
Firstly, there are tonnes of information on the internet about ransomware from a variety of credible sources. I’m simply going to bring some of it together with the goal of creating some awareness about the threat and what you can do to protect your business.
Secondly, I’m going to focus on how you can mitigate the threat that ransomware poses through a prevention strategy and, if you should get infected, on neutralising the leverage the criminals have over you by having a proper backup of your data.
Ransomware Prevention = Risk Mitigation
Educate your users. Create a human firewall in your company. Training in cybersecurity awareness should be provided, with emphasis on data security and on awareness when using the internet, visiting certain web sites and using email. The days of the philistine computer user frustratingly and randomly clicking buttons on their computer to get rid of a pop up are over. Users need to understand what they are doing when they click on a link, file or an attachment. Research on the success of phishing campaigns shows that 23% of recipients who receive a phishing message will open it and a further 11% will continue to open any attachments, so ongoing internal cybersecurity awareness campaigns are a must.
Ensure you have up-to-date IT systems, software and policies in place, and adopt a multi-layered approach to threat management:
• A firewall with web filtering, virus filtering and application filtering. Perhaps have a whitelist of web sites for your users.
• All users should have up-to-date antivirus software on their PCs, laptops and devices.
• Implement policies on your network that prevent users from running unauthorised applications or opening certain files or attachments.
• Review, update and maintain systems regularly and apply the latest patches.
Backups. Once you’ve contracted ransomware you have just two realistic options.
a) Pay the ransom or;
b) Restore from backup.
The best and quickest way out of this situation is to restore your data from backup. If you have a good backup you are neutralising the leverage that the ransomware criminals have over you and you are back in control.
So to ensure you will always have this option, check your backups and make sure they are backing up everything you need to run your business. Check your backups regularly and carry out test restores to ensure they can be restored in an emergency. It’s critically important to have a robust system and process around your data security, and ransomware is just one of many obvious reasons to ensure that you personally invest in this area of your business.
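The test restore described above can be automated. The following Python script is an added example, not part of the original article: it restores a tar archive into a scratch directory and reports files the backup missed and files whose content no longer matches the live copy. The archive format, file names and function names are assumptions made for illustration.

```python
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path

def tree_hashes(root):
    """Map each file under root (by relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def verify_backup(archive, source):
    """Restore archive into a scratch directory and compare it with source."""
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch).resolve()
        with tarfile.open(archive) as tar:
            for member in tar.getmembers():
                target = (dest / member.name).resolve()
                # Restore regular files only, and never outside the scratch dir.
                if not member.isfile() or not target.is_relative_to(dest):
                    continue
                target.parent.mkdir(parents=True, exist_ok=True)
                with tar.extractfile(member) as src, target.open("wb") as out:
                    shutil.copyfileobj(src, out)
        restored = tree_hashes(dest)
    live = tree_hashes(Path(source))
    return {
        "not_backed_up": sorted(live.keys() - restored.keys()),
        "differs": sorted(n for n in live.keys() & restored.keys()
                          if live[n] != restored[n]),
    }

def demo():
    """Constructed sample: three business files, a backup job that misses one."""
    with tempfile.TemporaryDirectory() as work:
        source = Path(work) / "shared"
        (source / "payroll").mkdir(parents=True)
        (source / "invoices.csv").write_text("inv-001,250.00\n")
        (source / "customers.db").write_text("constructed sample data\n")
        (source / "payroll" / "oct.xlsx").write_text("constructed sample data\n")
        archive = Path(work) / "nightly.tar.gz"
        with tarfile.open(archive, "w:gz") as tar:  # job omits the payroll folder
            tar.add(source / "invoices.csv", arcname="invoices.csv")
            tar.add(source / "customers.db", arcname="customers.db")
        (source / "customers.db").write_text("edited after the backup ran\n")
        return verify_backup(archive, source)

if __name__ == "__main__":
    print(demo())
```

A non-empty "not_backed_up" list is a coverage gap in the backup job; a "differs" entry is a file that changed after the backup ran or did not restore intact, and needs a closer look either way.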
Remember that if you take these three steps you are protecting your business from multiple different threats, some old, some not so old, which are continually doing the rounds and could catch a user out. Importantly however, if you have taken these steps you have given yourself every chance of avoiding that brand new threat when it does come along.
Right now ransomware criminals feel they’ve cottoned onto a good thing making millions of euros around the world. Some ransomware people would even have us believe they are doing the world a favour by highlighting security holes and inadequacies of current systems. Some cybercriminals illegally encrypt a company’s data and believe they are merely charging for their services to decrypt the data.
Cybercrime is no different from traditional theft, burglary, obtaining property by deception or blackmail. There are criminals and there are victims, and the authorities along with stakeholders must continually strive to make the digital world a safer place.
If there is an upside to this then perhaps the proliferation of ransomware will make us all more security conscious around the internet and IT systems in general, and specifically, we must realise the value of our personal and business data and ensure that we have proper backups at all times.
Remember – Security is a process, not a product you can buy!
1. Ransomware Hostage Rescue Manual. Adam Alessandrini.
2. The Internet Organised Crime Threat Assessment (IOCTA) 2015, www.europol.europa.eu
5. Verizon, 2015 Data Breach Investigations Report, http://www.verizonenterprise.com/DBIR/2015/, 2015