Ransomware: most insidious malware threats
Ransomware: it might sound like the title of the next summer blockbuster, but this clever little portmanteau has become one of the most insidious malware threats. As you are probably already aware, this nasty malware strain takes advantage of lax security controls and does devastating damage. Nothing really new there: malware by its nature exploits vulnerabilities and is malicious and damaging. But what’s especially troubling with ransomware is that the ‘bad guys’ literally hold your business’s most important asset—your corporate data—hostage.
It’s no surprise that newer strains, like Locky, are worse as this mode of attack evolves. Locky takes advantage of unpatched applications or comes in through a malicious attachment, perhaps something as innocuous as a Word or Excel document. Once activated, the macro payload spreads across the entire network, scrambling files and leaving encrypted copies in their place. That’s right: encryption, one of IT’s best weapons in the fight against security threats, turned against us.
Once Locky, or any other ransomware, has finished, it alerts the user to the ransom demanded for the decryption key. What makes Locky particularly awful is that in less than an hour it can encrypt the local computer, plus any shared folders to which it has write access, and even cloud storage services such as Google Drive. In addition, it deletes the shadow copies that are often used to restore damaged files.
Unfortunately, many security tools can neither decrypt the files nor restore the deleted backups.
What can be done to avoid becoming a ransomware victim?
Not all is lost. If you want to avoid becoming a victim of ransomware or, at least, minimize the damage from it, start by reviewing your security tools, and your network endpoints in particular. They may be inadequate to meet the challenge. After all, budgets for security tools are often tight, especially in the public sector. Still, having sub-par security makes you a prime target for ransomware.
Many security providers today offer tools for the battle against ransomware, but the ever-growing variety of strains released into the wild makes it a constant battle. The good news is that some security vendors have advanced tools focused squarely on ransomware protection, such as anti-encryption technologies like Kaspersky’s Anti-Cryptor, which can help undo file changes the moment malicious activity is detected.
But, in the end, to better guard against ransomware, start with a good look at all your security tools and policies, especially those related to access control, applications and backups.
Here’s what to look for:
Since current ransomware strains focus on quickly spreading to anything they have write access to, it makes sense to closely manage how systems are accessed. This is especially true for administrators. If you have administrator access, don’t stay logged onto systems longer than you need to: every open privileged session is a path along which ransomware can spread, so closing them limits the damage. A good rule of thumb: “If you don’t need to access it right now, log out.”
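The spreading behaviour described above (one process rewriting everything it can reach, in minutes) is also exactly what an anti-encryption tool has to spot before it can undo the damage. As an added example, not code from the original article or from any vendor’s product, here is a small Python detector that replays a file-server audit log and raises an alert when one user/process pair changes many distinct files across several folders inside a short window. The log format, the thresholds and the process names are assumptions made for the illustration, and the sample log is constructed.

```python
"""Heuristic detector for ransomware-style mass file modification.

Added example, not from the original article or any vendor product: it replays a
constructed file-server audit log and flags a (user, process) pair that changes
many distinct files across several folders within a short window, the rapid
spreading behaviour the article describes. The log format, thresholds and
process names are assumptions for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)                # assumed look-back window
MIN_FILES = 20                                # assumed: distinct files changed in the window
MIN_DIRS = 3                                  # assumed: distinct folders touched in the window
CHANGE_OPS = {"WRITE", "RENAME", "DELETE"}    # operations that alter or remove data


def parse_event(line):
    """Parse 'ISO-timestamp user process op path' into a tuple."""
    ts, user, proc, op, path = line.split(maxsplit=4)
    return datetime.fromisoformat(ts), user, proc, op, path


def folder_of(path):
    """Directory part of a Windows path (everything before the last backslash)."""
    return path.rsplit("\\", 1)[0]


def detect_mass_modification(lines, window=WINDOW, min_files=MIN_FILES, min_dirs=MIN_DIRS):
    """Return alerts as (timestamp, user, process, n_files, n_folders).

    Keeps, per (user, process), a deque of recent change events; once the distinct
    file and folder counts inside the window both reach their thresholds, emit one
    alert and clear that actor's state so a single burst is reported once.
    """
    recent = defaultdict(deque)
    alerts = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user, proc, op, path = parse_event(line)
        if op not in CHANGE_OPS:
            continue
        events = recent[(user, proc)]
        events.append((ts, path))
        while events and ts - events[0][0] > window:   # drop events outside the window
            events.popleft()
        files = {p for _, p in events}
        folders = {folder_of(p) for p in files}
        if len(files) >= min_files and len(folders) >= min_dirs:
            alerts.append((ts.isoformat(), user, proc, len(files), len(folders)))
            events.clear()
    return alerts


def constructed_log():
    """Constructed sample log: normal editing by two users, then one process
    renaming 25 files across five folders in 25 seconds."""
    base = datetime(2016, 3, 1, 10, 0, 0)
    lines = [
        "# timestamp user process op path  (constructed sample data)",
        f"{base.isoformat()} alice WINWORD.EXE WRITE S:\\finance\\q1.docx",
        f"{(base + timedelta(seconds=5)).isoformat()} bob EXCEL.EXE WRITE S:\\sales\\pipeline.xlsx",
        f"{(base + timedelta(seconds=40)).isoformat()} alice WINWORD.EXE WRITE S:\\finance\\q1.docx",
    ]
    folders = ["finance", "sales", "hr", "legal", "ops"]
    for i in range(25):
        ts = base + timedelta(seconds=120 + i)
        lines.append(f"{ts.isoformat()} alice unknown.exe RENAME S:\\{folders[i % 5]}\\file{i}.docx")
    return lines


if __name__ == "__main__":
    for alert in detect_mass_modification(constructed_log()):
        print("ALERT: mass file modification", alert)
```

On the constructed log the two users editing their own documents never trip the thresholds, while the burst is reported once, at the moment the twentieth distinct file is touched. In a real deployment the thresholds need tuning per file share (a nightly build or a bulk rename by a legitimate tool will look similar), and an alert is only useful if something acts on it, for example by revoking the offending account’s write access to the share.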
Keep Applications Updated
Obviously, it’s important to keep applications patched and updated regularly, but even fully patched software can still be used to spread malware. In the case of Locky, for example, it can be activated through an email attachment, usually a Word document, that tricks users into turning on macros. Once macros are enabled, the attachment runs a malicious script that dials home and activates the malware. (You might ask yourself: “This old trick still works?” Well, sadly, it does.) One way to reduce this risk is to open attachments in Microsoft Word Viewer or, at the bare minimum, to disable macros.
For ransomware to work, it has to hold hostage not only your data but also your backups. To do that, it deletes or encrypts any backup files it comes in contact with. If you are worried about potential ransomware risks, consider periodically backing up to cloud or offsite storage that is not permanently connected. This sort of isolated backup prevents an infected machine from writing to it and preserves the integrity of your corporate data.
From a security perspective, we must ensure that if an endpoint does become infected, or if malware bypasses a firewall, we have the right access control policies in place to minimize its spread. In addition, IT should ensure that employees aren’t putting the organization at risk through unpatched applications and are aware of the risks of clicking on malicious attachments.
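An isolated backup is only useful if you can tell, before restoring from it, that it is still the backup you wrote. As an added example, not code from the original article, the following Python script records a SHA-256 manifest of a backup set when it is written, signs the manifest with an HMAC key that is kept off the backup medium, and later verifies the set so that files an infection has encrypted, overwritten or deleted are caught before they are trusted. The directory layout, file names and key are constructed for the illustration.

```python
"""Integrity manifest for an offline backup set (added example, not from the article)."""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large backups don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path, POSIX separators) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def sign_manifest(manifest, key):
    """HMAC-SHA256 over the canonical JSON form, so the manifest itself cannot be
    silently rewritten by anything that lacks the key (kept off the backup medium)."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, "sha256").hexdigest()


def manifest_is_authentic(manifest, key, tag):
    """Constant-time comparison of the stored tag against a fresh one."""
    return hmac.compare_digest(sign_manifest(manifest, key), tag)


def verify_backup(root, manifest):
    """Compare the backup set on disk with its manifest.

    Returns {'modified': [...], 'missing': [...], 'added': [...]}; a clean backup
    has all three lists empty. Modified or missing entries mean the set has been
    touched since it was written and must not be trusted for a restore."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def demo():
    """Constructed scenario: write a tiny backup set, take and sign its manifest,
    then do to it what an infection does to a backup it can reach (overwrite one
    file with junk, delete another, drop a new file) and verify again.
    Returns (clean_result, tampered_result, manifest_still_authentic)."""
    key = b"constructed-demo-key-store-this-off-the-backup-medium"   # assumption
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "hr").mkdir()
        (root / "finance" / "q1.xlsx").write_bytes(b"quarterly figures (constructed)")
        (root / "hr" / "staff.docx").write_bytes(b"staff list (constructed)")
        (root / "README.txt").write_bytes(b"backup set 2016-03-01 (constructed)")

        manifest = build_manifest(root)
        tag = sign_manifest(manifest, key)
        clean = verify_backup(root, manifest)

        # Simulated damage to a backup the infected machine could still write to
        (root / "finance" / "q1.xlsx").write_bytes(os.urandom(64))   # overwritten in place
        (root / "hr" / "staff.docx").unlink()                         # deleted
        (root / "hr" / "unexpected.bin").write_bytes(b"(constructed) not part of the set")
        tampered = verify_backup(root, manifest)
        return clean, tampered, manifest_is_authentic(manifest, key, tag)


if __name__ == "__main__":
    clean, tampered, authentic = demo()
    print("clean backup:", clean)
    print("after tampering:", tampered)
    print("manifest signature valid:", authentic)
```

The manifest and its signing key must live somewhere the backup job writes to but an infected workstation cannot: if the attacker can rewrite both the files and the manifest, the check proves nothing. Run the verification as part of every restore drill, not only after an incident.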
Think ahead! Anticipate. Plan.
Hope for the best; plan for the worst.
An infected organization risks considerable loss. One California hospital recently paid hackers $17,000 in untraceable bitcoins after having its systems locked up—by Locky—for 10 days. A quick way to gauge how costly it would be for you: how much would you pay to get back access to your data and systems?
If there is any “good” to come from the ransomware pandemic, it’s this: it’s a reminder that it’s time to review your security strategy and disaster recovery process.
Our security strategies need to become more anticipatory—to recognize that we will see continual evolution and the constant appearance of new strains of ransomware, and of malware in general. Also, like a human virus, ransomware doesn’t discriminate, so don’t think you’re safe because of your size or industry; it targets the small, five-user shop and the largest healthcare provider just as readily. Perhaps ironically, many police forces have been hit by ransomware in recent years.
The best way to reduce the potential damage is to review not only your security strategies but also your disaster recovery processes. If backups are kept either with a third-party hosted service or on an isolated server that isn’t permanently connected to the network, then your chances of bouncing back are much higher… without becoming some cybercriminal’s pay day.
If you want to change the status of your organization from vulnerable to prepared, make sure to educate and arm yourself with the best resources and tools available. To review your security stance and to learn about the latest security threats and solutions to abolish them, check our 2016 Ultimate Security Guide.