The Rapid Spread of Ransomware is a very real issue that you and your organization should be prepared for.
Please take a minute to read this important bulletin concerning the security of your digital footprint.
Over the past weekend, we witnessed broad-scale ransomware attacks that impacted over 100 countries globally. Ransomware is not a new concept, and it will continue to grow in sophistication and in the number of targets. The attacks that happened over the weekend were nicknamed “Wanna Cry” and are anticipated to be the first of many new malware attacks using ransomware.
What is ransomware?
Ransomware is a category of malware that can be installed using an email or another vulnerability in a network or computer to attack a larger or broader system. Once compromised, data and systems are encrypted using a strong encryption mechanism. This is a category of encryption that would require sophisticated systems and/or significant time to decrypt (or unlock) the files. The attackers take advantage of the fact that many individuals and organizations only loosely follow best practices in file storage and backup procedures, and often keep only local copies of files. When this is the case, and the files that have been locked hold critical data and are only available locally, the only way (and fastest way) to get the files decrypted is to pay the ransom and have your files restored to their unencrypted state. Of course, this can all be avoided by maintaining regular offsite backups of critical data.
How did we get here?
The primary issue lies in the fact that many users and businesses don’t patch their computers or systems regularly and many do not back up critical data. As a result, when critical systems are compromised with ransomware, many are left with no choice but to pay the fees to restore their data. Even after the system has been decrypted, it should be wiped and rebuilt, because backdoors or residual malware might remain on the system and could be used to attack other systems on the network.
As many of these attacks are sourced from organized crime, they use bitcoins to collect the payment. The current value of a single bitcoin is $1,675 USD (on Jan. 1st, 2017 it was valued at $998 USD) and is rapidly increasing by the day as demand for this digital currency is very high. The cost for data recovery is rapidly increasing, especially in cases where attackers have identified that the data includes corporate intellectual property that is critical to business operations.
That is only part of the problem. WikiLeaks recently posted many of the tools and techniques used by the FBI and NSA to gain access to systems globally. Many criminal organizations are now using this attack intelligence to build new, more advanced tools to attack unprotected systems – you can see how this problem is only going to get worse in the foreseeable future.
What can you do to protect yourself and your organization?
- Create backups of your critical data and ensure they are NOT stored with the rest of your networked data. Create an offsite backup for safekeeping.
- Create an awareness program for your staff to alert them to the dangers of opening email from unknown or suspicious sources. Any email with an attachment or link should be questioned. Changing staff behaviour is critical in your fight against malware.
- Ensure your computers and systems are patched with the latest security patches from your vendor.
- While this weekend’s attack was targeting Windows, understand that Mac and Linux systems are not immune, and that you should expect variants of the malware to be developed soon.
- While not foolproof, anti-malware software on your computers, servers, and mobile devices will provide some level of protection if it is updated regularly. It will automatically alert you when malware is detected in your systems.
- Keep in mind that all computers can be a target of a malware attack. In the past year alone, malware targeting Macs has increased 100-fold and will only increase as more users and businesses turn to this platform for computing and store more critical data on these devices.
- Sign up for security mailing lists from your operating system vendors and products. They should be notifying you when ransomware is actively targeting their products/services.
- Use a secure DNS service or provider that protects against known malware-infected sites and known botnets.
Be sure to reach out to us if you have concerns about the safety of your own network; we are here to help. For more information, please contact me at AndrewMilne@bv02.com
bv02 partners with TwelveDot to help companies secure their online data and digital properties. Apply the fundamentals of online security and de-risk your exposure to cyber crime. See more about how 12Dot and bv02 help our clients, partners and communities.
Important Links:
https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx
https://www.us-cert.gov/security-publications/Ransomware