Businesses are being held to ransom. Cyber criminals are attacking with increasing frequency and effectiveness, and your business is on a target list. Are you prepared?
With instances of malware attacks and cyber ransom demands increasing at a frightening pace, it’s important to know the risks you face and how best to prepare for and deal with such an attack.
Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system's hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key. Others may simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a Trojan, which is disguised as a seemingly legitimate file.
Ransomware scams are growing at an alarming rate. In the first quarter of 2016, Kaspersky Lab security solutions saved 372,602 users from ransomware attacks. The report published on securelist.com reveals the number of attacked users increased by 30 percent compared to Q4, 2015. Additionally, figures from CNN report that $209 million was paid to ransomware criminals in Q1 2016.
CryptoLocker is a ransomware Trojan which targets computers running Microsoft Windows. CryptoLocker propagated via infected email attachments and via an existing botnet. When activated, the malware encrypts certain types of files, with the private key stored only on the malware's control servers. The malware then displays a message which offers to decrypt the data if a payment (through bitcoin or a pre-paid cash voucher) is made by a stated deadline, and threatens to delete the private key if the deadline passes.
If the deadline is not met, the malware offers to decrypt the data via an online service provided by the malware's operators, for a significantly higher price in bitcoin.
It’s usually quite easy to tell – the symptoms include:
By far the most common scenario involves an email attachment disguised as an innocuous file. If you receive an email with an attachment or even a link to a software download, and install or open that attachment without verifying its authenticity and the sender’s intention, this can lead directly to a ransomware infection.
Increasingly, infections happen through drive-by downloads, where visiting a compromised website with an old browser, an outdated software plug-in or an unpatched third-party application can infect a machine.
Another common way to infect a user’s machine is to offer a free version of a piece of software. This can come in many flavours such as “cracked” versions of expensive games or software, free games, game “mods”, adult content, screensavers or bogus software advertised as a way to cheat in online games or get around a website’s paywall.
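As an added illustration (not part of the original article and not OneNet's code), the Python below shows how a mail gateway or help-desk script could flag email attachments disguised as innocuous files, the most common scenario described above. The extension lists, function names and the sample message are assumptions constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".pif", ".jar"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def attachment_findings(filename, payload):
    """Return the reasons an attachment looks like a disguised executable."""
    findings = []
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in EXECUTABLE_EXTS:
        findings.append("executable extension " + last)
        # "invoice.pdf.exe" shows as "invoice.pdf" when extensions are hidden.
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
            findings.append("double extension " + "".join(suffixes[-2:]))
    # Windows executables start with the bytes 'MZ' whatever they are named.
    if payload[:2] == b"MZ" and last not in EXECUTABLE_EXTS:
        findings.append("PE header behind " + (last or "no") + " extension")
    return findings

def triage(raw_message):
    """Map each suspicious attachment name in a raw email to its findings."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        found = attachment_findings(name, part.get_payload(decode=True) or b"")
        if found:
            report[name] = found
    return report

def build_sample():
    """Constructed sample message: two disguised attachments, one benign."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "user@example.com", "Invoice"
    m.set_content("Please see attached.")
    for name, data in [("invoice.pdf.exe", b"MZ\x90\x00constructed"),
                       ("statement.pdf", b"MZ\x90\x00constructed"),
                       ("agenda.pdf", b"%PDF-1.4 constructed")]:
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

This check does not look inside archives such as ZIP files, so an archive attachment needs to be unpacked and each member checked the same way.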
It’s imperative that you take action immediately. At a high level, you need to follow these four steps to minimise your exposure:
A Disaster Recovery Plan (DRP) is a documented process or set of procedures to recover and protect a business’ IT infrastructure in the event of a disaster. Given organisations' increasing dependency on information technology to run their operations, a Disaster Recovery Plan is essential and should be developed and tested in advance to best facilitate the recovery of information technology data, assets and facilities.
OneNet can provide an availability assessment to review your availability requirements and assess your preparedness to deal with an unforeseen issue or outage. OneNet’s consultants can discuss this with you in confidence so that you can make an informed decision. As a NZ-based technology solution provider we are on the ground and here to help.
Contact OneNet today – visit onenet.co.nz or call +64 9 376 7610