Ransomware is malware that encrypts the contents of hard drives with a key and then demands payment of a ransom in return for access to the encrypted files. Ransomware cost businesses an estimated billion dollars in 2016, and the trend of ransomware use is rising.
In 2016, 62 ransomware families were discovered. The most popular and successful versions include Locky, CryptoWall, Cerber, and CryptXXX. Throughout the year, these tools evolved from simple lockers to robust encryptors – and the prices demanded to unlock files have risen as well. These tools have primarily affected the United States, but have been an emerging problem in all developed nations. Many industries have been targeted by ransomware campaigns, though the healthcare and financial services sectors seem to be the most lucrative targets for attackers at this time.
Businesses and organizations are often affected by ransomware, but the majority of attacks have been perpetrated against individual consumers. This is because people do not regularly back up their devices and data, and will therefore likely pay the ransom to get their files back. The fee is much smaller, but the volume of potential victims is much larger, making individuals a lucrative target. When users are affected by ransomware, the attackers typically demand payment in some form of crypto-currency, most often Bitcoin. Crypto-currency gives attackers anonymity when collecting the ransom, without fear of being easily tracked through where the money is paid.
Typically, a user is targeted with generic content in a broad spam campaign, but as campaigns become more and more sophisticated, cyber-security analysts are seeing attacks that are specially tailored to the individual target. Users in smaller groups may be targeted based upon their income, where they work, and what access to additional information they have. Users are often unwary of such attacks, and easily fall victim to having their files stolen or destroyed.
Today is also the Super Bowl, which is why Maverick is releasing this blog post now. Major events like this, or natural disasters, or the death of famous persons, are all great opportunities for the bad guys to launch ransomware campaigns. Tax day is another, where IRS-based scam and spam email could host ransomware links or attachments. Vigilance is the key.
Ransomware is just another tool in the hacker’s toolkit that can be mitigated with simple, consistent security practices.
1 - The primary mitigation is regular backups: If an organization or user is doing regular backups, and maintains those backups off-site – or off device (such as on a USB thumb drive), then a ransomware infection is not a crippling affair at all.
2 - Use updated software, and continuously update security products: A lot of users think that security products such as anti-virus aren’t a worthwhile expenditure. Others purchase or download strong free anti-virus tools but never keep them updated. The truth is most of the companies providing these products can detect a lot of the attacks before they happen, and can often prevent the initial infections that lead to compromise. But only if the products are kept up-to-date.
3 - Enable file extensions: The primary attack vector is email with malicious attachments or links. In fact, 91% of cyber attacks today still come from email. With file extensions displayed, fake file attachments are easy to spot, because the user can see when the type of file doesn’t match what it should be.
4 - Check the sender: Making a quick check of the sender of the email can also help. If, for example, you get an email from someone whose email address ends with “.pl” (the country code for Poland), and you do not know anyone from there, it probably isn’t something you want to click on or open. For emails that seem suspicious but come from someone you know, contact that person separately and ask before you click on attachments. These few seconds could save you a lot of pain – and money – from a ransomware attack.
5 - Educate your workforce: Regardless of whether an enterprise or an individual is targeted, a savvy user is far less likely to be taken advantage of with a fake email or link. Training users, or yourself, to detect and report suspicious behavior is a huge step forward in bolstering your security and lowering your overall attack surface. Not clicking on the attachment is the most effective way to stay secure.
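The checks in items 3 and 4 can also be run automatically on incoming mail. The sketch below is an added example, not part of the original post: it parses a constructed sample message and reports an unknown sender domain, an attachment whose last extension is executable, and an attachment whose content does not match its extension. The function name, the extension lists and the known-domain set are assumptions made for illustration.

```python
import email
from email import policy
# Constructed sample message for this example (not from the original post).
SAMPLE_EML = b"""\
From: "Accounts" <billing@unknown-sender.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

# Assumed lists for this sketch; extend them for your environment.
RISKY_EXT = {"exe", "scr", "js", "vbs", "bat", "cmd", "com", "jar", "hta", "lnk"}
MAGIC = {"pdf": b"%PDF", "png": b"\x89PNG", "jpg": b"\xff\xd8\xff"}

def check_message(raw, known_domains):  # returns a list of reasons for distrust
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    domain = msg["From"].addresses[0].domain.lower()
    if domain not in known_domains:
        findings.append(f"sender domain not in known contacts: {domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        pieces = name.split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        if ext in RISKY_EXT:  # the last extension decides how the file opens
            hidden = f", disguised as .{pieces[-2]}" if len(pieces) > 2 else ""
            findings.append(f"{name}: opens as .{ext}{hidden}")
        elif ext in MAGIC and not data.startswith(MAGIC[ext]):
            findings.append(f"{name}: content is not a real .{ext} file")
    return findings

if __name__ == "__main__":
    print(*check_message(SAMPLE_EML, {"example.com"}), sep="\n")
```

A finding from a check like this is a reason to quarantine the message or confirm with the sender through a separate channel, not proof that the message is malicious.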
A little vigilance goes a long way in cyber defense. Ransomware is a costly, painful way to remember that you have to regularly back up your data, update your security tools, and not blindly click on attachments or links in email. Ransomware is painful, but like so many cyber-security threats it is entirely preventable. Be vigilant. Prevent the problem. Stay ahead of the threat. That's the Maverick Way.