Ransomware is becoming more pervasive.  Ransomware is a generic term for a family of viruses and malware that encrypts the user’s data and holds it hostage until a payment is made.  Variants include CryptoWall, Cryptotolocker, Power Worm, KnowBe4 and many others.

This type of attack is typically delivered by Phishing attacks where a user receives an email asking them to click on a link or open a document.  The attack is often initiated by opening something as innocent as a PDF or a word document.  Some of the most recent attacks are being disguised as resumes, bills or even pictures.  When the unsuspecting recipient opens it, the file may look harmless but in the background, it downloads a malicious piece of code that will search all of the files in your system and encrypt them.  Some of them target only data files (word, PDF, excel, pictures or music) while others attack everything on the system as well as any attached storage or file shares.

Once the program completes encrypting the data it is targeting, the malware will lock down access to the data completely and issue a pop up message asking for money to unlock the files within a given time period or the data will be destroyed. In some cases, the ransom amount increments as deadlines pass. The amount of money being requested varies with the perceived value of the information and can vary from hundreds of dollars to over $250K paid by a local government agency. Just this week, a famous California hospital was forced to fork over $17K to recover its data. The hackers typically demand payments be paid with Bitcoins which are untraceable.

Ransomware Image

Everyone is a target and can be infected from their work computers or personal computers.  Even Android devices, iPhones and tablets can fall victim.  Antivirus alone is no defense as the attack signatures change very frequently. Unfortunately, once you are infected there is seldom any way to recover your data without paying the ransom, unless you take appropriate precautions.

The best defense against Ransomware is preemptive. Companies can implement a behavior based threat prevention system that constantly updates attack signatures and behavior patterns. This will identify and stop Day 0 attacks. An example would be Palo Alto Network’s Wildfire paired with Traps, an advanced end point protection tool. Wildfire analyzes network traffic patterns and behaviors and uploads unknown patterns from all of its subscribers to a cloud based service. The suspect patterns are analyzed and a threat response is distributed to all of its subscribers within 15 minutes. Traps™ is an advanced endpoint protection solution that prevents advanced attacks from exploits or malicious executables before they execute. Traps will immediately block attack techniques, terminate the process, and notify both the user and the administrator that an attack was thwarted.

The best defense against Ransomware is preemptive. Companies can implement a behavior based threat prevention system that constantly updates attack signatures and behavior patterns.

To protect the data, companies must verify that their data backup systems are properly designed, executed and tested. If a user’s data is attacked, or in the worst of cases, an entire organization’s file servers are compromised, the ransom can be avoided by retrieving a recent backup. However, if the backups are stored on line, even the backups can be compromised and the only defense would be to recover the data from offline backups (Read Only storage or tapes). Since most ransomware will search for other network or file shares that are attached or networked to the infected machine, it is recommended that the backup medium be unmounted or disconnected immediately after a backup or restore process is completed.

Individuals can also help to make sure they protect themselves by following best practices:

  1. Never open an attachment unless you are 100% sure you know who it comes from and that it can be trusted.
  2. Ensure your systems are patched and up to date. Everything from the operating system to your application suite to Anti-virus should be patched. Although this will not stop day 0 attacks, it will help stop some of the most common threats. Security experts report that 80% of all virus and malware attacks are based on recycled exploits and vulnerabilities.
  3. Make sure all of your data is stored on a corporate file server where it will be backed up. If your machine falls victim, your data can be restored from backups. Worst case, you might lose a day of work.

Though the rise of cybersecurity threats is pervasive and ever-growing, proper precautions can limit their impact if you should ever fall victim. Contact us to discuss your cybersecurity policy and how we can help you avoid potential threats.