Tuesday, 16 February 2016

Ransomware: A Growing Threat

Imagine opening an email with a Word document attached. It looks innocent enough, but within seconds strange characters flow across your screen. Your data becomes unusable. Then a demand pops up on the screen for payment to make it usable again. You have been held to ransom. This is "ransomware", and it is closer than you may think.

BBC news had this recent report about Guernsey:

“Businesses in Guernsey are being targeted by cyber attackers who demand a ransom to recover lost files, computer engineers have said. Ten companies have been hit by attacks that lock a business out of its computer system until a ransom is paid. No engineer has had any success in getting files back for customers so far. One person has tried to pay the ransom, but the price went up from £400 to £1,000 in 24 hours.”

Computer engineer Paul Domaille said the problems for one company began when they opened an email with the subject "remittance advice enclosed". He said: "I clicked on this email, the screen went black, clicked a few times and when I tried to look at QuickBooks it was all gone. Everything stored on the computer was quickly encrypted. Messages then started to appear on screen asking for a ransom, in order to get the data back."

“Victims range from hotels and restaurants, to small businesses and individuals. In every case, there was a demand for money to unlock the computer.”

"The advice is not to pay it, go back to back up and that's the only way to recover your files."

And in the UK recently, another case:

“Lincolnshire County Council's IT is back up and running after the council shut everything down last week following a ransomware attack in which the attackers turned out to have asked for a mere £350. Despite the BBC reporting that the council had been hit by a £1m ransom, a spokesperson told The Register that it had only been asked for $500 (c. £350), unsurprisingly to be paid in Bitcoin.”

Ransomware began in 2005, but has recently re-emerged as a mature form of malware. It works by using phishing techniques - psychological tricks - to persuade a user to click on a link or open a document.

This allows the malicious software to run on the PC, and within minutes all the data is encrypted and unusable – unless you have the key. Once the data is inaccessible, a blackmail demand is made, usually asking for the ransom to be paid in bitcoins, which are relatively hard to trace.

The most successful variant at the moment, according to security firm Imperva, is called Cryptowall 3.0. The firm's report says that it has caused $325 million (£225.7m) in damages so far.

Jonathan Sander, VP of product strategy at security firm Lieberman Software, says that Cryptowall is easily avoided with a good backup policy. He commented:

"The other problem is that reporting Cryptowall issues to more savvy law enforcement sounds like reporting your bike was stolen when you didn’t bother to lock it up. Since a good back up strategy can be almost 100 percent effective to combat Cryptowall, police may simply feel the real crime was your own lack of preventative measures".

Even though the advice to back up a computer sounds simple, it is often not done until disaster hits, and the hard drive fails, or in this case – the system is rendered inoperative. Sander says it is like advice for healthy living:

"So much good security advice sounds like health advice. Everyone knows they should eat right and exercise, but so many simply shrug at this advice as they return to chips in front of the television. Every organization knows they need to back up, monitor file activity, protect admin privileges, and run basic perimeter defenses like antivirus and firewalls. Since none of that security seems to contribute to the bottom line and takes a modicum of effort, people’s laziness kicks in and they skip the basics".

Michelle Drolet of Network World makes the following recommendations:

  • Install reputable anti-virus and anti-malware software.
  • Don't open attachments in emails unless you know what they are.
  • Don't follow links in emails; close the email and go directly to the website in your browser.
  • Use strong passwords, and don't reuse the same passwords.
  • Make sure all of your system software and browsers are patched automatically with security updates.
  • You should apply all of these rules to whatever device you're using. Smartphones, tablets, and Macs are not immune to ransomware.
  • Finally, make sure you have solid back-ups of all your data.

The last of these is the most important, and they stress:

“You can also mitigate the risk of ransomware by having a robust and regular backup routine. If your files are backed up and you can access them, there's no need to pay to unlock them, but it may still require some serious effort to rid yourself of the ransomware once your system is infected.”

That's because the PC itself may still be infected. The first step is therefore to have a computer engineer disinfect it and confirm that it is clean; only then can you safely restore from backup. And you do keep regular backups, and test that they can be restored, don't you?
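Sander's list of basics above includes "monitor file activity". As an added illustration (not code from this article or from any of the people or firms quoted), the Python below shows one way a file-activity monitor could flag the behaviour the article describes, many files rewritten with encrypted content in a matter of minutes: it scores each write by byte entropy and raises an alert when several distinct files get high-entropy writes inside a short window. The event feed format and the sample events are constructed for the example.

```python
import math
from collections import Counter, deque
from datetime import datetime, timedelta

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for encrypted or compressed data, well under 6 for documents/text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_encryption_bursts(events, window=timedelta(seconds=60), threshold=7.0, min_files=5):
    """events: iterable of (ISO timestamp, path, sample of the bytes written).
    Raises an alert when at least `min_files` distinct files receive high-entropy
    writes inside one `window`; a single compressed or encrypted file on its own
    (a zip, a PGP message) never trips it. Returns [(window_start, [paths]), ...]."""
    recent = deque()          # (time, path) of recent high-entropy writes
    alerts = []
    for ts, path, sample in events:
        t = datetime.fromisoformat(ts)
        if shannon_entropy(sample) < threshold:
            continue
        recent.append((t, path))
        while t - recent[0][0] > window:   # drop writes older than the window
            recent.popleft()
        paths = {p for _, p in recent}
        if len(paths) >= min_files:
            alerts.append((recent[0][0].isoformat(), sorted(paths)))
            recent.clear()    # start counting afresh after raising an alert
    return alerts

# Constructed sample data (not real telemetry): ordinary document writes during the
# morning, one legitimate zip, then six files rewritten within ten seconds with
# ciphertext-like content, which is how a ransomware run looks to a file monitor.
PLAINTEXT = b"Remittance advice for invoice 1042. Please find the statement attached. " * 4
CIPHERTEXT = bytes(range(256))   # every byte value once: entropy exactly 8.0 bits/byte
DOCS = "C:/Users/alice/Documents/"
SAMPLE_EVENTS = [
    ("2016-02-16T09:00:00", DOCS + "invoice.docx", PLAINTEXT),
    ("2016-02-16T09:05:00", DOCS + "photos.zip", CIPHERTEXT),
    ("2016-02-16T09:30:00", DOCS + "notes.txt", PLAINTEXT),
] + [
    (f"2016-02-16T09:31:{i:02d}", DOCS + f"file{i}.xls.encrypted", CIPHERTEXT)
    for i in range(6)
]

if __name__ == "__main__":
    for start, files in detect_encryption_bursts(SAMPLE_EVENTS):
        print(f"ALERT {start}: {len(files)} files overwritten with high-entropy data: {files}")
```

The lone zip write at 09:05 is high-entropy but never reaches the threshold on its own; the burst starting at 09:31:00 triggers one alert as soon as the fifth distinct file is rewritten.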
