Ransomware – Businesses are in its sight
March 23, 2015

We have written about ransomware in previous Advisories.  In this edition we are revisiting ransomware because this menace is not going away anytime soon.  In fact, the proliferation of ransomware is getting more aggressive.  Why wouldn’t it?  In this case the road to riches is paved with money or ransom – yours.

Unfortunately, ransomware is taking aim not just at big business, but at businesses of all sizes in all sectors.  Attackers seem to be shifting their attention away from consumers, though not completely, as consumers are still considered lucrative targets.

Ransomware attacks are two-pronged.  A user’s device is infected with malware (see Definition). It locks the user out or encrypts the files so that the user can no longer access them.  Then, a ransom is demanded and a time frame is set for the payment to be made, failing which the device will be wiped clean or the files will be erased.

Security researchers have found that new ransomware schemes are making attacks more difficult to prevent and detect.  Therefore, it is vital to focus attention on employee education on how to avoid becoming a victim of such malicious attacks.  Employee education should be an ongoing process as this is the key to creating awareness amongst them.

It was recently reported by an American security firm that hundreds of websites may have been exposed to “malvertisements” (see Extol Advisory, 2nd March), which are ads containing ransomware.

In another report, an antivirus provider revealed that cybercriminals were using help files to infect devices with a variant of the ransomware known as Cryptowall (see Definition).  Unsuspecting users will receive emails with the subject “Incoming Fax Report” that contains help files with a compiled HTML extension.  When the users open the file, a help window would open that automatically downloads Cryptowall in the background.
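As a defensive illustration of the delivery method described above (added here, not part of the original advisory), the following Python code flags mail attachments that are compiled HTML Help files, either by the `.chm` extension or, when the attachment has been renamed, by the `ITSF` signature at the start of the file. The extension and signature are properties of the file format rather than details given in the advisory; the sample messages, addresses and function names are constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

CHM_MAGIC = b"ITSF"        # first four bytes of a compiled HTML Help file
BLOCKED_EXTS = (".chm",)   # compiled HTML Help extension


def chm_attachments(raw_bytes):
    """Return [(filename, reason)] for every MIME part that looks like a CHM file."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():                 # walk() also reaches nested parts
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Normalise case and trailing dots/spaces before comparing extensions.
        if name.lower().rstrip(". ").endswith(BLOCKED_EXTS):
            hits.append((name, "extension"))
        elif payload.startswith(CHM_MAGIC):  # renamed file, content gives it away
            hits.append((name, "magic bytes"))
    return hits


def build_sample(filename, body):
    """Constructed test message; the body is an inert stub, not a real help file."""
    m = EmailMessage()
    m["From"] = "fax@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "Incoming Fax Report"
    m.set_content("Please see the attached fax.")
    m.add_attachment(body, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    stub = CHM_MAGIC + b"\x00" * 16
    for fname, body in [("fax_report.chm", stub),
                        ("fax_report.pdf", stub),
                        ("notes.txt", b"hello")]:
        print(fname, "->", chm_attachments(build_sample(fname, body)))
```

A mail gateway or mailbox rule would quarantine any message for which `chm_attachments` returns a non-empty list, since help files are rarely a legitimate business attachment.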

What is of grave concern is that hackers are developing entirely new malware strains that evade current detection mechanisms.

“Ransomware is flourishing as the criminal community appreciates its viability and the ease by which ransomware can be shared.  The most troubling evolution is the migration to mobile ransomware,” says the chief cybersecurity officer at security firm Trend Micro.

As ransomware continues to grow, so have attacks against Windows and Android systems.  Law enforcement in different countries can help educate residents about the threats, but it’s up to individual companies to educate their employees about the dangers of ransomware and how to avoid becoming a victim of it.

As stated earlier, the attack trend seems to be shifting.  In 2012 and 2013, cybercriminals targeted mainly home users.  Since late 2014, the cybercriminals have been focusing more on business assets, encrypting database files and shared storage systems.  The implication is that it could destroy a business if online backups of data / information are not stored.  The encryption that is being used today cannot be broken with today’s computers.  Therefore, if the files or data are encrypted or locked and the ransom is not paid, they are as good as gone.

There is another danger – the cybercriminal may not release the locked data after the ransom is paid.  There is a possibility that he/she may ask for more payment or, worse still, leave the data locked for good.

It is imperative to have back-ups and not leave things to chance as it can be very devastating to the victims.

This is what a senior director of security firm RSA has to say.

“The hacker distribution techniques and ecosystem are run like a business,” Tran says. “The development, buying, selling, trading and distribution create micro-economies that scale very quickly for both cybercriminals and nation-state attackers. This is a global network much like the open-source software developer communities, where software can be developed very quickly and with greater capacity than closed, proprietary development.”

“Also, most of the malware strains used in these attacks are evading detection by anti-virus programs.”

“In the past 12 months, over 300 million malware samples have been reported in circulation, many of which are modifications of existing variants, but many are unique.  The sheer scale is overwhelming.”


Recommendation


  1. Ensure that endpoints and servers are up-to-date and patched.
  2. Install anti-malware tools and endpoint protection.
  3. DO NOT open email attachments from unknown sources or from emails that appear to be legitimate but are suspicious.
  4. BACKUP is crucial.  Important data should be regularly backed up onto external media.
  5. Awareness – staff are to be educated in best computing practices and how to identify threats.

Definition


  1. Cryptowall – ransomware that encrypts files on a compromised computer.  It will then request that a ransom be paid in order to have the files decrypted.
  2. Malware – malicious software that includes worms, viruses, Trojans, spyware, rootkits and ransomware. Used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Source


  1. Bank Info Security
  2. Intega IT (for pic above)