But say you turn on your computer and instantly realize that all of your files have been encrypted and are now in the hands of someone else. A pop-up message appears, alerting you that the only way to retrieve the files is by paying hundreds of dollars.
You’ve just experienced one of the most tactical ways of being virtually held hostage in the 21st century.
Although ransomware has existed since the late 80s, hackers are becoming more sophisticated than ever, and the number of incidents is increasing in Canada and worldwide. According to the Canadian Anti-Fraud Centre (CAFC), online extortion scams, including ransomware, are growing exponentially. In 2013, the CAFC received over 4,000 reports with a total reported dollar loss of around $92,174. Just a couple of months into 2014, the total reported dollar loss surpassed double that amount.
Unfortunately, today’s methods of encryption make files nearly impossible to recover, while new electronic forms of payment such as Bitcoin and Ukash make it even more difficult to trace payments back to those accountable. Moreover, the attack is commonly referred to as “scareware” because cyber criminals instil fear and embarrassment in their victims by indicating that the malware was caused by the victims using inappropriate websites, which hinders them from turning to officials and experts for help.
It’s important to note that as hackers are becoming more advanced, targets of ransomware have already expanded outside of home users and small to midsize businesses. According to recent studies by the IBM Emergency Response Services (ERS), ransomware is increasingly creeping into enterprise networks, creating major disruption and draining resources spent on mitigation, legal counsel and monitoring services for employees and customers.
Based on the 2015 Ponemon Institute Cost of a Data Breach Study, 52 percent of data breaches among Canadian companies were caused by malicious or criminal attack, while system glitch and employee negligence or human error each represented 24 percent. The study also found that the total organizational cost of a data breach averaged $5.32 million.
The reality is, by the time malicious ransomware files are detected, it’s likely too late for companies to recover. That’s why preparation before the attack is key.
Here are five steps from an IBM ERS Ransomware Response Guide that your organization can take to avoid a ransomware incident:
1. Educate your enterprise
Provide end users with periodic training sessions on the types of dangers they are likely to encounter, how to recognize them and what actions they should or should not take. Consider even conducting a before-and-after mock phishing campaign to test the effectiveness of the training.
2. Disallow executable attachments in emails
If possible, configure the email server to automatically strip any executable file, including files in ZIP archives that have an EXE, COM or SCR extension.
3. Restrict program execution from temp folders
Most ransomware begins by trying to copy the payload to the user’s temp folder to continue the execution chain. If you block that, the initial malware infection would be blocked.
4. Maintain up-to-date antivirus, endpoint protection and patch management
Antivirus solutions are the most common initial detection tools, so it’s important for companies to keep them up-to-date. However, simply implementing an antivirus will not ensure an entirely secure network. Consider additional endpoint protection solutions, such as Trusteer Apex, that rely on application behaviour, or adopt an aggressive patch management policy, especially for widely used programs.
5. Test backups regularly and keep critical data off the endpoint
Check your backups regularly and make sure they’re capable of restoring all corporate files. In addition, train employees to avoid storing critical data on the endpoint. Instead, they should store it in secure locations that are backed up frequently.
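As an added illustration of step 2 (example code written for this page, not taken from the IBM guide or any mail product), the following Python filter removes attachments with an EXE, COM or SCR extension, including ZIP archives that contain such files. The function names and the sample message are constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED = (".exe", ".com", ".scr")  # the extensions named in step 2


def has_blocked_ext(name):
    return (name or "").lower().rstrip(". ").endswith(BLOCKED)  # ignore trailing dots/spaces


def is_blocked(filename, payload):
    """True if the attachment, or any member of a ZIP attachment, is blocked."""
    if has_blocked_ext(filename):
        return True
    data = io.BytesIO(payload)
    if not zipfile.is_zipfile(data):  # check content, not just a .zip name
        return False
    try:
        with zipfile.ZipFile(data) as archive:
            return any(has_blocked_ext(m) for m in archive.namelist())
    except zipfile.BadZipFile:
        return True  # fail closed: an archive we cannot list is not delivered


def strip_executables(raw):
    """Return (cleaned message bytes, names of the attachments removed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.iter_attachments()):
        if is_blocked(part.get_filename(), part.get_payload(decode=True) or b""):
            removed.append(part.get_filename())
            msg.get_payload().remove(part)  # drop the part from the MIME tree
    return msg.as_bytes(), removed


def build_sample():
    """Constructed test message: one PDF, two ZIPs, one bare EXE."""
    def zipped(member):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(member, b"constructed")
        return buf.getvalue()
    msg = EmailMessage()
    msg.set_content("See attached.")
    for name, body in [("report.pdf", b"%PDF-"), ("invoice.zip", zipped("invoice.SCR")),
                       ("notes.zip", zipped("notes.txt")), ("setup.exe", b"MZ")]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

This version inspects one level of ZIP only; nested archives and other archive formats would need their own handling in a production filter.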
More than 80 percent of security leaders believe the challenge posed by external threats is on the rise, while 60 percent also agree their organizations are outgunned in the cyber war, according to IBM’s most recent Chief Information Security Officers study.
As long as there is a way to make money from holding people’s files hostage, there will be ransomware. But taking proactive steps now to keep ransomware out of your organization will at least give you a fighting chance.
By Steven Leo, Security Services Business Unit Executive, IBM Canada