Protecting against ransomware

Kevin Foster, Testing Services Manager at MTI Technology

The ransomware scourge is growing, and it’s easy to see why. It’s almost a zero risk game with potentially enormous rewards.

Recent research revealed that ransomware has eclipsed botnets to become the main threat to businesses. During the fourth quarter of 2015, 83 per cent of all data extortion attacks were made with the use of ransomware. The CryptoWall ransomware alone generated more than $18m for its creators in a little over a year.

In recent months, we’ve seen a raft of new ransomware strains emerge. Locky, one of the most virulent is spreading at an alarming rate, PadCrypt has a Live Feature option, which allows victims to speak with its creators, and 7ev3n demands a £3,800 ransom. These are only three recent pieces of ransomware, but there are many more examples.

Ransomware tends to spread in email attachments, downloads, compromised websites or malvertising, however, email is the most common method. Recently, ransomware has become increasingly targeted, crafted in local languages and purporting to be from local companies.

Clearly, ransomware can be incredibly damaging, locking up files, freezing computers and shutting operations down – until the ransom is paid.

  • Ransomware denies access to important business files, requiring a ransom to decrypt the files.
  • It typically infects a system’s hard drive (including attached and networked drives), locking away files under encryption.
  • The attacker requests money in return for a decryption key to regain access to hacked files.

However, there are some simple steps you can take to make sure you’re safe from this pernicious threat.

  • Install behavioural-based security and antivirus software. This will help keep your files and data protected and can identify zero day threats such as ransomware. Make sure it also carries out regular scans so you always have the latest protection.
  • Update your software including operating systems, web browser software, security software and installed applications. Enable automatic update settings too and install updates as soon as they are released.
  • Back up your data onto external storage devices or archived storage that is not connected to the internet. This will allow you to still access copies of files, should you fall victim to an attack.
  • Educate employees so they are aware of cyber threats and how they can safeguard against them, for instance, by not downloading files from untrusted sources. Even when opening MS Office docs from trusted sources, open them in “Protected View” and do not enable macros.
  • Do not browse the web and access Internet email from computers (servers) that hold business critical files and databases. This can create a direct access point to this crucial data for cyber criminals.
  • Don’t use the same password across multiple accounts. If a cyber-criminal gets one of your passwords, they could use it to access your other online accounts. Setting up password reminders to prompt employees to change their passwords every couple of months is a way of reducing risk.

Refusal to pay a ransomware threat can be a dangerous gamble. Ransomware is created to be impenetrable, though, sometimes a key can be cracked if the malware writer makes coding flaws.

For many companies, the only way to get back access to crucial documents is to pay the ransom. Even then, you should look to remove the ransomware completely.

Ideally, infected hosts should be fully erased and re-built (from the firmware up) to guard against any backdoors being installed and then hardened in line with good security practice.

That said, companies that prepare ahead of time with protected backups can [having established the root cause and remedies for the infection] disregard the request for money, wipe the infected devices, implement security hardened builds, and restore the files.

Implementing the necessary precautions outlined above enables a company to manage and deflect potential attacks and helps protect them against future attacks.