What is it? Ransomware lets a criminal encrypt all of your files and withhold the key that unlocks them until you pay a ransom of the attacker's choosing. This cancer is spreading and mutating, as shown by CryptMix, a new variant that claims the money you pay will go to charity. We believe we broke the news that ransomware was a billion-dollar problem before the FBI went public with that figure. We are not happy that the number is so high, but we knew the problem had to be at least this large, because the number of calls we receive from infected companies looking for help has been steadily accelerating.
Be afraid. The FBI sees how big this problem is and has issued guidelines for staying safe. It first examines the scope of the issue, showing that no one is safe: hospitals, school districts, state and local governments, law enforcement agencies, small businesses and large businesses alike. We've previously reported that power plants, including nuclear reactors, are major targets as well; this hasn't changed.
Growing fast. The FBI saw a rise in these attacks in 2015 and, based on the first few months of this year, predicts that 2016 will be even worse, both for US businesses and for consumers trying to safeguard their photos, videos and other valuable documents.
How does it happen? Typically, a user is infected by clicking a link in an email they believe to be legitimate. The link either opens the malicious software directly or sends them to a website that downloads it without their knowledge. Quite often, the first sign that files are under attack is the inability to open them, or a message on the screen announcing that your data is now locked and telling you where to send payment.
Hackers are evolving. Spear phishing is becoming the preferred way to get users to click malicious links. Ordinary phishing is a broad approach: send large volumes of infected messages and hope that some recipients are tempted to click. For example, among the many recipients of emails that appear to come from a popular bank, some will identify with the message because they have accounts at that institution. Spear phishing takes this to the next level. By identifying a few characteristics of the target, the hacker crafts a message focused on that individual's interests. If a worker is a country music fan and sees an unbelievable offer from a popular country band, they will likely be tempted to click. Are they a fan of Prince? How about a special offer on Prince collectables? Research shows that even the most private social media users can have their preferences leak out unintentionally through other users with public profiles who share or comment on their posts.
Every website is suspect. The FBI points out that the problem is far worse than email alone: a few years back, hackers realized it is often easier to infect a popular website than an individual, an approach known as a watering-hole attack. If your company is in the insurance business and your staff frequent insurance news sites, infecting one of those sites can give an attacker access to many of your computers at once.
The threat can target entire business sectors. This is as scary as it sounds: cyber thieves could use this method to encrypt the files of an entire industry at once, and likewise for government organizations, police departments and so on. Wherever there is an affinity group, there is a potential hacker looking to exploit the opportunity by placing malicious code on a website that group visits.
According to FBI Cyber Division Assistant Director James Trainor, “These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.”
Don’t pay. The FBI doesn’t support paying a ransom in response to a ransomware attack. Said Trainor, “Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.” It’s worth noting that the U.S. Computer Emergency Readiness Team (US-CERT) also asks that you do not pay.
You could fund ISIS. In early April, we reached out to the FBI for its thoughts on the liability of a company or person who pays a cyber-ransom that ends up in the hands of ISIS. We surmised this could get you indicted, especially as it becomes common knowledge that the group is using this technique to finance its operations. In fact, the group recently created the United Cyber Caliphate, which brings the cyber-terror activities of five or more distinct groups under a single umbrella. The FBI hasn’t responded to our request yet; we will update this post if it does. The last line of Trainor’s statement above at least shows that the FBI wants you to be aware you could be paying off murderers, thugs, terrorists and the like.
What should you do? The FBI suggests a two-step program for your organization or home. First, educate your users and invest in technology that prevents attacks from taking place. Second, have a solid business continuity plan in case you are attacked anyway. “There’s no one method or tool that will completely protect you or your organization from a ransomware attack,” said Trainor. “But contingency and remediation planning is crucial to business recovery and continuity—and these plans should be tested regularly.” In the meantime, according to Trainor, the FBI will continue working with its local, federal, international and private-sector partners to combat ransomware and other cyber threats.
The FBI also outlines preventive steps you should take to be as protected as possible:
Awareness and education. Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
Update systems regularly. Patch operating systems, software and firmware on all devices; a centralized patch management system makes this easier to do consistently.
Use cybersecurity software. Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
Provide user rights carefully. Manage the use of privileged accounts: no user should be given administrative access unless absolutely needed, and administrator accounts should be used only when the task actually requires them.
Minimize data access. Configure access controls, including file, directory and network share permissions, appropriately. If users only need to read specific information, they don’t need write access to those files or directories; ransomware running under a user’s account can only encrypt what that account can write. It’s worth pointing out that guidance from FINRA, NIST and the FCC also calls for regular auditing of rights. For example, if a user transfers from accounting to another department, they likely no longer need access to financial documents.
Protect against auto-run infections. Disable macro scripts in Office files transmitted over email.
Predict malicious behavior and respond. Implement software restriction policies or other controls to prevent programs from executing from the locations ransomware commonly runs from (e.g., the temporary folders used by popular Internet browsers and by compression/decompression programs).
Business continuity efforts. Back up data regularly, and regularly verify the integrity of those backups, since a backup that was silently encrypted or corrupted is discovered only when you try to restore from it.
Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up; a backup share that stays mounted with write access is reachable by ransomware just like any other drive. Whenever possible, we suggest companies use an appliance that keeps a local backup on site for rapid recovery as well as a second copy in the cloud or off site, so the company can keep working in the event of an outage or attack.
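As an added example of the "verify the integrity of those backups" step (this is not from the FBI guidance and not Apex's own tooling), the following Python script records a SHA-256 manifest of a backup set and later re-hashes the set against that manifest, reporting files that were modified, went missing or newly appeared. Modified files whose content now looks random are additionally flagged as likely encrypted, which is how a ransomware run over a mounted backup shows up. The directory layout, file names and the simulated attack are constructed for the demonstration and are assumptions, not real data.

```python
"""Build and verify a SHA-256 manifest for a backup set.

Added example, not from the FBI guidance or Apex Technology Services.
The backup layout, file names and the simulated ransomware run below are
constructed for the demonstration.
"""
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB blocks so large backups need not fit in memory


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: text scores ~4-5, encrypted or compressed data ~8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root, POSIX style) to its SHA-256 digest.

    Keep the returned manifest where the backed-up hosts cannot write (offline
    media or a read-only store); otherwise whoever encrypts the backup can also
    rewrite the manifest to match.
    """
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the backup on disk against a trusted manifest.

    'modified'         re-hashes differently from the manifest
    'likely_encrypted' modified AND its first block has near-random entropy
                       (heuristic: legitimately compressed formats also score high)
    'missing'          in the manifest but no longer present (renamed or deleted)
    'unexpected'       present but not in the manifest (ransom notes, *.crypt copies)
    """
    current = build_manifest(root)
    report: dict[str, list[str]] = {
        "modified": [], "likely_encrypted": [], "missing": [], "unexpected": []
    }
    for rel, digest in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != digest:
            report["modified"].append(rel)
            with (root / rel).open("rb") as f:
                sample = f.read(CHUNK)
            if shannon_entropy(sample) > 7.5:
                report["likely_encrypted"].append(rel)
    report["unexpected"] = sorted(set(current) - set(manifest))
    return report


def demo() -> dict[str, list[str]]:
    """Constructed scenario: snapshot a small backup, then simulate a ransomware
    run over it plus one benign edit, and verify against the saved manifest."""
    root = Path(tempfile.mkdtemp(prefix="backup-"))
    try:
        (root / "finance").mkdir()
        (root / "finance" / "ledger.csv").write_text("date,amount\n2016-04-01,1200.00\n" * 200)
        (root / "finance" / "payroll.csv").write_text("name,net\nA. Smith,3100.00\n" * 200)
        (root / "readme.txt").write_text("Quarterly backup set. Verify before restoring.\n")
        manifest = build_manifest(root)  # in practice this copy lives off-box

        # Benign change: someone appended a line to a text file.
        with (root / "readme.txt").open("a") as f:
            f.write("Checked by IT.\n")
        # Simulated ransomware (assumed behaviour, constructed for the demo):
        # overwrite one file with random bytes in place ...
        (root / "finance" / "ledger.csv").write_bytes(os.urandom(8192))
        # ... rename another with the attacker's extension, and drop a ransom note.
        (root / "finance" / "payroll.csv").rename(root / "finance" / "payroll.csv.crypt")
        (root / "HOW_TO_DECRYPT.txt").write_text("Your files are locked.\n")

        return verify_backup(root, manifest)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category}: {files}")
```

Run it as-is to see the four categories populated by the simulated attack. In real use, `build_manifest` runs when the backup job completes and the manifest goes to media the backed-up hosts cannot write; `verify_backup` then runs on a schedule against that saved copy. The entropy flag is a heuristic, so treat a high score on a `.zip` or `.jpg` as expected and a high score on a `.csv` or `.docx` as an alarm, and pair the check with an actual test restore.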
There is no way to be 100% safe from cyberattacks or ransomware. However, if you choose an experienced cybersecurity partner who can advise you and audit your systems, you can at least minimize the risk that your company becomes a victim.
A new breed of hacktrepreneurs has awoken, and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company whether it’s located in New York City, White Plains, Connecticut, Australia, Europe or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, so you can spend less time worrying and more time growing your business.