Ransomware. It is fast becoming one of the most widespread and damaging online threats facing businesses. We take a look at what it is, why you should care and what you can do to prevent your business becoming the next victim of this ruthless online attack.
What is ransomware and where has it come from?
In recent years antivirus and security technologies have become increasingly sophisticated and made it much harder for hackers to generate revenue streams via traditional credit card scams. However, cyber-crime doesn’t sleep and hackers have now turned their attention to a new type of attack that holds your precious company data at ransom and requests a payment before supplying a decryption key to release them.
Since the infamous CryptoLocker virus first appeared in 2013, a range of file-encrypting variants have been delivered via ‘spam emails’ and direct attacks to home users and businesses alike. According to a 2016 threats report produced by McAfee, the security vendor saw a 26% increase in new ransomeware samples in Q4 2015. Together with continued growth of existing ransomware campaigns like CryptoWall 3 and TeslaCrypt the frequency of these types of attacks virtually doubled in 2015 with millions of attacks reported.
What and who is at risk?
Obviously your PCs are at risk but some types of ransomware also target mobile devices and mass-storage devices. When it comes to who, the answer is virtually everyone. These types of virus do not discriminate. The general public, businesses, even government institutions and universities have been targeted, but those most at risk are companies that do not regularly update security patches or back-up their data on a regular basis.
Why has it become so popular?
While these types of attacks are financially lucrative they are also harder to trace. Hackers have moved to the use of virtual currency like Bitcoin as the method to pay ransoms. Unlike traditional banking, the exposure and risk of transfers being traced is much lower. In addition, the Tor network is increasingly being used by attackers to more easily hide the location of control servers, which store the victims’ private keys. As many firms have little choice other than to give in and pay the ransom, profits from this type of attack continue to surge and just add fuel to the fire.
It gets worse too as a new strain of ransomware reported by Cisco’s Talos security team and nicknamed “ranscam” will take your money but deletes your files anyway. Even more reason to make sure that your organisation has suitable protection in place.
What can you do to prevent becoming a victim?
- Make sure your staff are aware of ransomware, the risks and how it works. Because the majority of ransomware attacks begin with phishing emails or online downloads, user awareness is vital to prevention.
- Use extreme caution when opening attachments. Make sure your IT team configure your antivirus software to automatically scan all email and instant-message attachments. In email programs such as Outlook, it is advisable to turn off the preview pane and to make sure that the software is not configured to automatically open attachments or download images.
- Keep system patches up to date. Many vulnerabilities commonly abused by ransomware can be patched. Make sure your IT team or support provider keep patches for operating systems and applications up to date and put procedures in place to ensure that new patches are applied successfully.
- Consider unifying your end point security technologies with a Network Access Control (NAC) solution. NAC does exactly what it says on the tin and aims to prevent unauthorised access to your network by denying access to any devices that do not meet a set of pre-defined security protocols. With this additional layer of security in place you can prevent personal or rogue devices accessing the network and propagating potential viruses across your corporate network.
- Application Whitelisting is another preventative measure that can be taken. By limiting the applications that can be used on corporate devices and only allowing these approved applications to run by exception, you can eliminate the risk of any potential threat installing and running by default. By combining Application Whitelisting with a NAC solution you can rest assured that you are operating within a very resilient and secure environment.
- Backup every day. By creating carbon copies of your system and files every day, even if you are targeted, your attackers have nothing to hold you hostage for. Be aware however that your backups should be completely disconnected from your PCs or network to be safeguarded. You can either do this by backing up to an external air-gapped hard drive or by using a cloud storage solution or backup service.
Hosts Unlimited are experts in the provision of cloud based hosting and security services. Talk to us today about how we can help you to protect your business and its data from unexpected intrusions.