By Farokh Karani
Heimdal Security (https://heimdalsecurity.com)
A recent, high-profile incident in which a Hollywood-based hospital suffered through a ransomware lockdown is just the latest in a long string of public attacks that threaten the way we do business today. The hospital was asked to pay $3 million to regain access to its data, and while administrators managed to negotiate that down to a $17,000 bitcoin payout, the experience took its toll on patient care, profits, and more.
The potential for ransomware to cripple an organization’s operations makes it one of the biggest threats to business today. And new forms of ransomware are rapidly emerging, including TeslaCrypt, which was first discovered a year ago and has employed new infection and propagation techniques in 2016. New variants of TeslaCrypt make their way into computer systems to hijack images, spreadsheets, PowerPoint presentations, and other files. The Trojan then begins encrypting these files, converting them into an unreadable form that can only be viewed with the aid of a private key. And getting that key requires a ransom payment.
Locky is another new ransomware variant that is propagated via spam emails carrying malicious Microsoft Office documents and JavaScript files as attachments. When the JavaScript files are executed, they download and install the Locky ransomware on victims’ machines. The ransomware encrypts most of the documents available on the system and then demands a ransom payment from the user.
Mobile ransomware and banking Trojans have also increasingly come under the spotlight. In the first quarter of 2016, Quick Heal, through its Threat Research & Response team, detected four new ransomware variants that target Android devices, spanning both old and new families. Quick Heal also detected 10 families of mobile banking Trojans in Q1, including completely new variants of existing families, compared to 21 for all of 2015.
How To Stay Safe
Ransomware enters networks and systems in a variety of ways, but its mode of operation and end result are almost always the same. So what can be done to protect your network against this growing threat? Following these four guidelines can help you keep your business safe.
- Establish a strong backup policy: Have you heard of the 3-2-1 rule for data backup? It involves maintaining three different copies of your critical information and saving them in two different formats, one of which should be entirely offline. This ensures your data always remains under your control and, even if you do end up a victim of ransomware, you have enough backups in place to avoid the need to give in to the attacker’s demands. Simply backing up your data to an external hard drive is not enough, as today’s ransomware is advanced enough to infect connected devices as well.
- Recognize ransomware casts a wide net: Almost 90 percent of computers around the world run on Windows, so it’s no surprise ransomware is designed to attack Windows-based PCs more than any other machines. However, it is not uncommon to find ransomware samples that work just as effectively in Android or Linux environments. Even organizations that have standardized on Apple devices, and wrongly believe they are not vulnerable to such attacks, are targets now, as evidenced by a Mac OS X ransomware incident earlier this year.
Mobile devices and new Internet of Things (IoT) connected devices are also coming under the radar of attackers, making the threat of ransomware increasingly pervasive. Knowing that this threat is not confined to any one platform can help you design a defense that takes every possible device and platform in your network into consideration.
- Think very carefully before actually paying the ransom: In situations where a company’s data has been seized and a ransom is demanded to unlock it, it can be very easy to give in to the demands of the attackers. However, this is something that should be carefully evaluated, as paying the ransom does not provide any guarantee the data will be recovered. The best solution is to be prepared by keeping multiple backups of your data so that if the time does come, your organization does not need to worry about being at the mercy of the attackers.
- Adopt preventive technologies and training for preemptive action: When it comes to ransomware, prevention really is the best cure. Invest wisely in solutions that detect ransomware and proactively block attacks. Spend time and resources training your employees about the risks of ransomware and its most common methods for entering networked systems: be wary of email attachments, malicious websites, unpatched programs and operating systems, and suspicious applications.
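The 3-2-1 backup guideline above can be turned into an audit. The following Python is an added example, not code from the original article or from Quick Heal or Heimdal Security; the inventory entries, medium names and the `reachable` flag are constructed assumptions. It treats a copy as "offline" only when no process on the production host can reach it, so a permanently plugged-in external drive or a mapped network share does not satisfy the offline requirement, which is the failure mode the text warns about.

```python
"""Audit a backup inventory against the 3-2-1 rule (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str      # storage type, e.g. "local-disk", "usb-hdd", "smb-share", "tape"
    reachable: bool  # True if a process on the production host can read/write it right now


def audit_321(copies):
    """Return a list of findings; an empty list means the inventory satisfies 3-2-1.

    Rules checked: at least 3 copies, at least 2 distinct media, and at least 1 copy
    that is not reachable from the production host (a mounted USB drive or a writable
    network share is reachable, so ransomware on the host could encrypt it too).
    """
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; the rule calls for 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append(f"all copies share one medium ({', '.join(sorted(media))}); the rule calls for 2")
    if all(c.reachable for c in copies):
        findings.append("no copy is offline: every copy is reachable from the production host")
    return findings


# Constructed inventories (hypothetical, not taken from any real environment).
WEAK = [
    BackupCopy("workstation", "local-disk", reachable=True),
    BackupCopy("usb-nightly", "usb-hdd", reachable=True),   # left plugged in all the time
    BackupCopy("nas-share", "smb-share", reachable=True),   # mapped drive, writable
]
STRONG = [
    BackupCopy("workstation", "local-disk", reachable=True),
    BackupCopy("nas-share", "smb-share", reachable=True),
    BackupCopy("tape-offsite", "tape", reachable=False),    # ejected and stored off-site
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("strong", STRONG)):
        print(label, audit_321(inventory) or "compliant")
```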
Lastly, as with other forms of security threats, taking proactive actions and engaging in vigilant monitoring will allow your organization to avoid devastating threats before they cause significant damage.